warzonerat | WARZONE-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

WARZONE-main.zip
Size

9.7MB
MD5

4f81d2cf9936f7978f060d61c4c62d17
SHA1

196f24200dfa7ef93719fb073b270291c1007cc7
SHA256

7806455727859531d411a674cfee32a2d159c3ac2cf2e8a32cd47671b2dab6ba
SHA512

b150891d41bf57683a1275f71e518aadae007ada231ea95e11ce85752dce9159499a8cd77d5ee515b57be56f43880f8d0cd9d2118192a3d2b4caefd4dbbc5030
SSDEEP

196608:eFjGXYRBY1ny0CDv1uIchYAF9FtTpLHJrPolfH7RgjWPwV68ls3TIgIJ/Txt:0G2Y1nyT1uIvAF9FtTp9ro9VgjWY4TId

Score

10^/10

rat warzonerat

Malware Config

Signatures

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/cratclient.bin	warzonerat

Warzonerat family
warzonerat

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/ServerManager.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/SocksManager.exe
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap32.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap64.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap64_back.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/sqlite3.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/vncviewer.exe
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/PETools.dll
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/WARZONE RAT.exe
unpack001/WARZONE-main/WARZONE RAT 1.84 CRACKED/cratclient.bin

Files

WARZONE-main.zip
.zip
WARZONE-main/README.md
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/ServerManager.dll
.dll windows:5 windows x86 arch:x86

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
accept
bind
closesocket
listen
WSAStartup
getpeername
getsockname
send
socket
ntohs
inet_ntoa
recv
htons
WSAGetLastError

user32

MessageBoxA

kernel32

RaiseException
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStringTypeW
GetProcessHeap
Sleep
AllocConsole
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

?lst@@YAXH@Z

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/SocksManager.exe
.exe windows:5 windows x86 arch:x86

dffa98c82f6005852eab3cea912b9dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
accept
bind
closesocket
listen
WSAStartup
getpeername
getsockname
send
socket
ntohs
inet_ntoa
recv
htons
WSAGetLastError

kernel32

WriteFile
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
SetConsoleTitleA
Sleep
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FreeEnvironmentStringsW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
DecodePointer
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/geoip/GeoIP.dat
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rV.bsp1
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap.ini
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap32.dll
.dll windows:5 windows x86 arch:x86

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
GetSystemMetrics
CharUpperBuffW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteProcessMemory
WaitForSingleObject
SuspendThread
SignalObjectAndWait
SetEvent
ResumeThread
ResetEvent
ReadProcessMemory
MultiByteToWideChar
LoadResource
LoadLibraryW
GetVersionExW
GetThreadLocale
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileAttributesW
GetDiskFreeSpaceW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
CreateEventW
CloseHandle
GetModuleHandleExW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenThread

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap64.dll
.dll windows:6 windows x64 arch:x64

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetLastError
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleExW
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleW
FindResourceW
LoadResource
LoadLibraryExW
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ReadProcessMemory
SetFilePointerEx
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

wsprintfA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/rdpwrap64_back.dll
.dll windows:6 windows x64 arch:x64

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetLastError
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleExW
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleW
FindResourceW
LoadResource
LoadLibraryExW
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ReadProcessMemory
SetFilePointerEx
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

wsprintfA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/sqlite3.dll
.dll windows:5 windows x86 arch:x86

1b1a70babde0a2663fcc833b56850660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/tvnviewer.exe
.exe windows:5 windows x86 arch:x86

95c90ed6e3f55f46962e9a9ff40228bf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f6:7f:2c:33:f0:a5:9a:3e:3b:b4:04:82:4b:2a:a8:f0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/07/2016, 00:00

Not After

19/07/2017, 23:59

Subject

CN=GlavSoft LLC,O=GlavSoft LLC,POSTALCODE=634021,STREET=ul. Altayskaya 132-82,L=Tomsk,ST=Tomsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:bf:1a:23:a5:6c:34:7f:7d:ec:35:57:94:e3:90:c6:4f:c2:a2:db
Signer

Actual PE Digest

c5:bf:1a:23:a5:6c:34:7f:7d:ec:35:57:94:e3:90:c6:4f:c2:a2:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\build\tightvnc-2.8.8-gpl\Release\tvnviewer.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx

ws2_32

WSAGetLastError
htonl
htons
ntohl
ntohs
gethostbyname
bind
connect
recv
send
select
__WSAFDIsSet
accept
closesocket
getsockname
getpeername
listen
shutdown
socket
WSACleanup
WSAStartup
setsockopt

kernel32

CreateDirectoryW
SetFileTime
CreateFileW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
ResumeThread
Sleep
CreateThread
GetLastError
GetModuleFileNameW
TerminateProcess
SetEvent
CreateEventW
CreateProcessW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineW
GetProcAddress
LocalFree
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileStringW
GetLogicalDriveStringsW
GetPrivateProfileIntW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
HeapReAlloc
HeapAlloc
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapFree
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
SetErrorMode
FindFirstFileW
FormatMessageW
FindResourceW
LoadResource
LockResource
FreeResource
GetLocalTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetStartupInfoA
QueryPerformanceCounter
IsValidLocale
GetModuleHandleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
WritePrivateProfileStringW

user32

IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SystemParametersInfoW
GetKeyboardLayout
ToUnicodeEx
GetAsyncKeyState
GetKeyState
GetDC
ReleaseDC
GetParent
LoadBitmapW
FillRect
EndPaint
BeginPaint
ScreenToClient
GetClientRect
ShowScrollBar
SetScrollInfo
GetSystemMenu
GetMenuItemID
InsertMenuItemW
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetMenuItemCount
DestroyMenu
CheckMenuItem
CreateWindowExW
DestroyWindow
DialogBoxParamW
SetClassLongW
EndDialog
PostQuitMessage
SetClipboardData
GetPriorityClipboardFormat
EmptyClipboard
OpenClipboard
GetClipboardData
CloseClipboard
IsWindow
InvalidateRect
GetWindowTextW
SetWindowTextW
LoadAcceleratorsW
LoadIconW
SetWindowPlacement
GetWindowRect
KillTimer
LoadCursorW
MessageBeep
SetFocus
GetKeyboardLayoutNameW
GetWindowPlacement
MonitorFromWindow
GetDesktopWindow
SetWindowPos
ShowWindow
GetMonitorInfoW
TranslateAcceleratorW
SetTimer
GetMessageW
UnregisterClassW
TranslateMessage
SetWindowLongW
GetSysColorBrush
GetActiveWindow
RegisterClassW
DefWindowProcW
DispatchMessageW
EnableWindow
PostMessageW
GetWindowLongW
GetSystemMetrics
SendMessageW
DestroyIcon
CallWindowProcW
IsWindowVisible
TrackPopupMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
GetDlgItem
MessageBoxW
SetClipboardViewer
CreateDialogParamW
SetMenuDefaultItem

gdi32

GetCurrentObject
CreateDIBSection
SetStretchBltMode
StretchBlt
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectW
BitBlt
CreateSolidBrush
GetDIBits
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

RegCreateKeyW
RegCreateKeyExW
RegOpenKeyW
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Datas/vncviewer.exe
.exe windows:4 windows x86 arch:x86

40269abf5b1cb28ac007eed117b0b2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

comctl32

_TrackMouseEvent

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
PFXImportCertStore

gdi32

Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateEnhMetaFileA
CreateFontA
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EqualRgn
ExtCreatePen
ExtCreateRegion
GdiFlush
GetCharacterPlacementW
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetGlyphOutlineW
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetWindowOrgEx
LPtoDP
LineTo
MoveToEx
Pie
PlayEnhMetaFile
PolyPolygon
Polygon
Polyline
RealizePalette
RectInRegion
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBitsToDevice
SetPixel
SetTextAlign
SetTextColor
SetWindowOrgEx
StretchDIBits
TextOutW
UpdateColors

kernel32

AllocConsole
CloseHandle
CreateEventA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetComputerNameA
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte

msimg32

AlphaBlend

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_close
_errno
_execvp
_exit
_findclose
_findfirst
_fmode
_fstati64
_fullpath
_initterm
_iob
_lock
_mkdir
_onexit
_open
_open_osfhandle
_putenv
_setjmp3
_snwprintf
time
localtime
gmtime
ctime
_stati64
_strdup
_stricmp
_strnicmp
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
rand
realloc
remove
rename
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
_unlock
_vsnwprintf
_waccess
_wchmod
_wfopen
_wgetcwd
_wgetenv
_wmkdir
_wopen
_wrename
_wrmdir
_wstat
_wunlink
abort
acos
atof
atoi
system
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcschr
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_vsnprintf
_findnext
longjmp
_write
_strdup
_read
_open
_getpid
_getcwd
_fileno
_fdopen
_close

ole32

DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium

shell32

DragQueryFileW
SHGetSpecialFolderPathA

user32

AdjustWindowRectEx
BringWindowToTop
CallNextHookEx
ChangeClipboardChain
ClientToScreen
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
FillRect
GetAsyncKeyState
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageA
PeekMessageW
PostMessageA
PostThreadMessageA
RegisterClassExA
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetRect
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
ToUnicode
TranslateMessage
UnhookWindowsHookEx
ValidateRgn
WindowFromPoint

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/105
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/PETools.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Workspace\Projects\MiscProjects\PETools-master\obj\Release\PETools.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/Screenshots/UI.png
.png
WARZONE-main/WARZONE RAT 1.84 CRACKED/WARZONE RAT 1.84_crack.exe.config
.xml
WARZONE-main/WARZONE RAT 1.84 CRACKED/WARZONE RAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/cratclient.bin
.exe windows:5 windows x86 arch:x86

b76aafdc988ade2ab3db3b02fa4c6d00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
Sleep
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
LoadLibraryA
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
lstrcmpW
VirtualProtectEx
CreateProcessA
SizeofResource
VirtualProtect
LockResource
GetWindowsDirectoryW
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
CreateRemoteThread
IsWow64Process
GetTempPathA
GetTickCount
lstrcpyW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
lstrcatA
GetProcessHeap
HeapAlloc
GetComputerNameW
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
lstrcatW
GetLastError
GetModuleHandleA
SetLastError
GetModuleFileNameA
CreateDirectoryW
SetEvent
Process32FirstW

user32

MessageBoxA
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
SetWindowsHookExA
RegisterClassW
GetRawInputData
MapVirtualKeyA
GetForegroundWindow
DefWindowProcA
RegisterRawInputDevices
GetLastInputInfo
ToUnicode
GetKeyNameTextW
PostQuitMessage
GetWindowTextW
TranslateMessage
wsprintfA
wsprintfW

advapi32

FreeSid
LookupAccountSidW
GetTokenInformation
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExA
RegSetValueExW
StartServiceW
EnumServicesStatusExW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ord680
ShellExecuteExA

urlmon

URLDownloadToFileW

ws2_32

freeaddrinfo
htons
recv
connect
socket
send
WSAStartup
getaddrinfo
shutdown
closesocket
WSACleanup
ioctlsocket
ntohs
gethostbyname
inet_addr
setsockopt

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

shlwapi

StrStrW
PathRemoveFileSpecA
StrStrA
PathCombineA
PathFindFileNameW
PathFindExtensionW
PathFileExistsW

netapi32

NetLocalGroupAddMembers
NetUserAdd

oleaut32

VariantInit

crypt32

CryptStringToBinaryA
CryptUnprotectData

psapi

GetModuleFileNameExW

wininet

InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetCheckConnectionW

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE-main/WARZONE RAT 1.84 CRACKED/license.dat
WARZONE-main/WARZONE RAT 1.84 CRACKED/license.dll
.dll windows:5 windows x86 arch:x86

5a909d752e171d26c037f37507944dd6

Code Sign

02:09:71:29:96:73:3d:cb:96:ec:30:0d:c5:f6:73:51
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/08/2016, 00:00

Not After

22/10/2019, 12:00

Subject

SERIALNUMBER=614344,CN=wyDay\, LLC,O=wyDay\, LLC,POSTALCODE=03801,STREET=1465 Woodbury Ave.\, PMB 202,L=Portsmouth,ST=New Hampshire,C=US,1.3.6.1.4.1.311.60.2.1.2=#130d4e65772048616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:09:71:29:96:73:3d:cb:96:ec:30:0d:c5:f6:73:51
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/08/2016, 00:00

Not After

22/10/2019, 12:00

Subject

SERIALNUMBER=614344,CN=wyDay\, LLC,O=wyDay\, LLC,POSTALCODE=03801,STREET=1465 Woodbury Ave.\, PMB 202,L=Portsmouth,ST=New Hampshire,C=US,1.3.6.1.4.1.311.60.2.1.2=#130d4e65772048616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:01:09:84:4c:d8:ee:a5:2b:8a:af:88:29:9f:f4:4b:52:17:be:b2:40:b2:d4:8a:6a:dd:e2:e1:16:9f:d9:1d
Signer

Actual PE Digest

45:01:09:84:4c:d8:ee:a5:2b:8a:af:88:29:9f:f4:4b:52:17:be:b2:40:b2:d4:8a:6a:dd:e2:e1:16:9f:d9:1d

Digest Algorithm

sha256

PE Digest Matches

true

68:f8:ad:e9:04:1e:6a:95:a4:2d:06:b5:e1:02:5e:15:e5:97:a5:74
Signer

Actual PE Digest

68:f8:ad:e9:04:1e:6a:95:a4:2d:06:b5:e1:02:5e:15:e5:97:a5:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegOpenKeyExA
ChangeServiceConfigW
QueryServiceConfigW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

kernel32

DecodePointer
DeleteCriticalSection
GlobalFree
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
WaitForSingleObjectEx
GetSystemDirectoryW
GetCurrentProcess
GetProcAddress
OpenEventA
ResetEvent
SetEnvironmentVariableA
OutputDebugStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
RaiseException
GetModuleFileNameA
ReadConsoleW
GetOEMCP
GetVersionExW
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
HeapSize
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetFilePointerEx
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetTimeZoneInformation
GetFileType
GetStdHandle
GetCurrentProcessId
LoadLibraryExW
ExitThread
CreateThread
GetEnvironmentStringsW
GetModuleHandleW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
DeleteFileW
SetFileAttributesW
LocalFree
CloseHandle
LocalAlloc
GetLastError
CreateFileW
FileTimeToSystemTime
SetEvent
CreateEventA
CreateDirectoryW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetTickCount
InitializeCriticalSection
Sleep
SleepEx
VerSetConditionMask
LoadLibraryW
VerifyVersionInfoW
WaitForSingleObject
ExpandEnvironmentStringsA
FormatMessageA
HeapFree
FindClose
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW

user32

GetSystemMetrics

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
SafeArrayGetElement
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString

winhttp

WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

crypt32

CertFreeCertificateContext

ws2_32

socket
__WSAFDIsSet
WSACleanup
WSAStartup
select
WSASetLastError
recv
send
closesocket
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
ioctlsocket
freeaddrinfo
getaddrinfo
WSAIoctl
WSAGetLastError

shlwapi

PathAppendW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

?DeleteProductKey@@YAXI@Z
?GetPPDetails@@YAJPAUPartialProductDetails@@@Z
Activate
ActivateEx
ActivateFromFile
ActivationRequestToFile
ActivationRequestToFileEx
CheckAndSavePKey
Deactivate
DeactivationRequestToFile
ExtendTrial
GetCurrentProduct
GetExtraData
GetFeatureValue
GetPKey
IsActivated
IsDateValid
IsGenuine
IsGenuineEx
IsProductKeyValid
PDetsFromPath
SetCurrentProduct
SetCustomActDataPath
SetCustomProxy
SetProgressDelegate
TA_Activate
TA_ActivateFromFile
TA_ActivationRequestToFile
TA_CheckAndSavePKey
TA_Deactivate
TA_DeactivationRequestToFile
TA_ExtendTrial
TA_GenuineDays
TA_GetExtraData
TA_GetFeatureValue
TA_GetHandle
TA_GetPKey
TA_IsActivated
TA_IsDateValid
TA_IsGenuine
TA_IsGenuineEx
TA_IsProductKeyValid
TA_PDetsFromByteArray
TA_PDetsFromPath
TA_SetCustomActDataPath
TA_SetCustomProxy
TA_TrialDaysRemaining
TA_UseTrial
TA_UseTrialVerifiedFromFile
TA_UseTrialVerifiedRequest
TrialDaysRemaining
UseTrial

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

dffa98c82f6005852eab3cea912b9dc1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.itext Size: 512B - Virtual size: 408B

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 19KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 110B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 4KB

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.itext
Size: 512B - Virtual size: 408B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 110B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 6KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

f6:7f:2c:33:f0:a5:9a:3e:3b:b4:04:82:4b:2a:a8:f0
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c5:bf:1a:23:a5:6c:34:7f:7d:ec:35:57:94:e3:90:c6:4f:c2:a2:db
Signer

.text
Size: 550KB - Virtual size: 549KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 35KB - Virtual size: 34KB