makop | 533[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

533.7z
Size

2.7MB
MD5

7aded2388d27c5dc782dca435f160857
SHA1

744f53fe1f4c7a43a82e1a942eb71f4175da8935
SHA256

3730e9cba4a93bc985ef7cd2368ccbf5eccd4724f514b38b20e320e5553dd08d
SHA512

518957e9248e65c5231e10c3977d01f7d3b4aa43f08b00c668be8501a88e06d1eaa2a5aaf976ab9caa1d2eacbc7a2029731d5a7054df230aaf93a79294d9083b
SSDEEP

49152:BdRLSYLgm9h2iT/1Xd6STMtS07Cqjgfzj8flramouva2dd1ALRNyndSBSJQIQV:BdNtJPDJXd62MY50R+a5X1my8BSJQzV

Score

10^/10

upx 512478c08dada2af19e49808fbda5b0b makop chaos nefilim mimic blackmatter modiloader gandcrab lockbit

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

512478c08dada2af19e49808fbda5b0b

Credentials

Username:
[email protected]
Password:
120Heisler

Username:
[email protected]
Password:
Tesla2019

Username:
[email protected]
Password:
iteam8**

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes

attempt_auth
true
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Chaos Ransomware 6 IoCs

Processes:

resource	yara_rule
static1/unpack001/14b94844b99ac43c014ea73c3400097e3239a7307d1618e84159a741ab0e8ac3.exe	family_chaos
static1/unpack001/2e6f094748124800d8cf6bdb28bb8aa4caa066923cf3e9778dae8bcb2b6e85ec.exe	family_chaos
static1/unpack001/49aca08f5b259860364fc224601a944aa17161bb1da688e24621038457472d24.exe	family_chaos
static1/unpack001/5199b64b50f678d75f85cb0c3ac97d7df67f23471815e21236b1a790d008fe3c.exe	family_chaos
static1/unpack001/6bda9faf719bb7a55e822667d909086193d323d8fa06b1a3d62437fcf6a9e24b.exe	family_chaos
static1/unpack001/e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14.exe	family_chaos

Chaos family
chaos

Detects Mimic ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/2e96b55980a827011a7e0784ab95dcee53958a1bb19f5397080a434041bbeeea.exe	family_mimic

GandCrab payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/da6f543313480695aab95a5e685741a8d185fba0600363f74063eb1cda0f672e.exe	family_gandcrab
static1/unpack001/f08c1c26d375f6881990756e39208017b02af75fca0ebddb72f5e5c14e20363f.exe	family_gandcrab

Gandcrab family
gandcrab
Lockbit family
lockbit

MAKOP ransomware payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/084c57449c765416706301c723116da5073aa60da415c0eb3013239611135b0e.exe	family_makop
static1/unpack001/56f7b48f3877743c44aef0f3e990b3387dd6185f1c40a7477f5b6bad64960659.exe	family_makop

Makop family
makop
Mimic family
mimic

ModiLoader Second Stage 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/606b88fce1441e6d83e1fb2ba1b511e4a9e68f7fc01c55b7c53e08fd28f9a0c4.exe	modiloader_stage2
static1/unpack001/fcb68445068ebf4cd526d316622f9aa3e8065f9a9f42e5330f66f5cb160be393.exe	modiloader_stage2

Modiloader family
modiloader
Nefilim family
nefilim

Nefilim ransomware executable 1 IoCs

File contains patterns typical of Nefilim samples.

Processes:

resource	yara_rule
static1/unpack001/2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe	nefilim_ransomware

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/f7caf7d69cef15d5c3b9983513e4e40edc3a31c5ead4139bc41d1500442a966a.exe	family_lockbit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/3a7265305386f955adbeb6bd7c711f03395963ac36be82e5bb6b1d7b2034c859.exe	upx

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/084c57449c765416706301c723116da5073aa60da415c0eb3013239611135b0e.exe
unpack001/14b94844b99ac43c014ea73c3400097e3239a7307d1618e84159a741ab0e8ac3.exe
unpack001/2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe
unpack001/2e96b55980a827011a7e0784ab95dcee53958a1bb19f5397080a434041bbeeea.exe
unpack001/34c392448fc0818278cd19bb0841adf573e967be8a0f73bb42bb367a5835b6ea.exe
unpack001/37d8add251cb4179224ebbc0e28f8d9e26b5e64bbaec37f26a996bf51556f04c.exe
unpack001/3a7265305386f955adbeb6bd7c711f03395963ac36be82e5bb6b1d7b2034c859.exe
unpack002/out.upx
unpack001/49aca08f5b259860364fc224601a944aa17161bb1da688e24621038457472d24.exe
unpack001/4a2ad49c934f9ae6ca6b5d0c7cc34f5e12d349640012fa8cf8eb7e2d3acd6c9f.exe
unpack001/5199b64b50f678d75f85cb0c3ac97d7df67f23471815e21236b1a790d008fe3c.exe
unpack001/55c30024aed833336eb4720a1a4a40c78496efb27b3c4d5c3f1d1b5935c12715.exe
unpack001/56f7b48f3877743c44aef0f3e990b3387dd6185f1c40a7477f5b6bad64960659.exe
unpack001/5a96b929383817aa298eec8cca019bcd984fcd71dd8ee353541392c1082756a4.exe
unpack001/606b88fce1441e6d83e1fb2ba1b511e4a9e68f7fc01c55b7c53e08fd28f9a0c4.exe
unpack001/6bda9faf719bb7a55e822667d909086193d323d8fa06b1a3d62437fcf6a9e24b.exe
unpack001/71b46e95fba31267475537a338f49ce1cd0bc56c0f15346b05b673051cbe90a8.exe
unpack001/7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c.exe
unpack001/87b9b910d5d5a053e3b39989cc6fd51601abdaea207a26c765f21f43a4cd4dcb.exe
unpack001/8958d7b8c51215d6a27444b2760f1ce843a414d380052e6e71c2af6e9ab69ce2.exe
unpack001/ab5be9e6911b43f0974e01dabec772b968274d9b5ea39ba2ad7cd294056e5d09.exe
unpack001/b228a698ee826b42e19307f2d34c2620819a67a0e98fd2af08aae570b8178cc0.exe
unpack001/c864a70f78fb972f505ae5b13c0ad984e64c547194beb258926bb4c323fac31d.exe
unpack001/cfd5d9a4e67799f2428c6071dcc13fcf726f49ec3e706f0302b4592a3a0a08f0.exe
unpack001/da6f543313480695aab95a5e685741a8d185fba0600363f74063eb1cda0f672e.exe
unpack001/e05323d9ca6df47d9add5b2f757ea2490ebd11dfe1b56b82a9e93ba9d814e162.exe
unpack001/e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14.exe
unpack001/ecfb5c95d0f3d112650ef4047936e8fa5244c21c921f6c7a6963e92abab4949d.exe
unpack001/f08c1c26d375f6881990756e39208017b02af75fca0ebddb72f5e5c14e20363f.exe
unpack001/f354148b5f0eab5af22e8152438468ae8976db84c65415d3f4a469b35e31710f.exe
unpack001/f7caf7d69cef15d5c3b9983513e4e40edc3a31c5ead4139bc41d1500442a966a.exe
unpack001/fcb68445068ebf4cd526d316622f9aa3e8065f9a9f42e5330f66f5cb160be393.exe

Files

533.7z
.7z
084c57449c765416706301c723116da5073aa60da415c0eb3013239611135b0e.exe
.exe windows:4 windows x86 arch:x86

b7b88f9fba96375d4eebc5d049319af3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
GetVersion
PeekNamedPipe
GetProcAddress
LoadLibraryA
GetComputerNameW
SetEvent
CreateEventW
TerminateThread
SetFilePointerEx
GetFileType
GetModuleHandleA
DuplicateHandle
GetCurrentProcessId
ExitProcess
GetModuleHandleW
CreatePipe
LocalFree
GetCommandLineW
GetEnvironmentVariableW
CreateProcessW
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetStdHandle
WriteFile
Sleep
TryEnterCriticalSection
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
OpenProcess

user32

DialogBoxParamW
RegisterHotKey
PostMessageW
EndDialog
KillTimer
ShowWindow
wsprintfA
MessageBoxW
SetWindowTextA
SendMessageW
GetShellWindow
UnregisterHotKey
SetTimer
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CloseClipboard
GetWindowTextA
EmptyClipboard
GetDlgItem
OpenClipboard
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
GetDC
DrawTextA
EnableWindow
SetClipboardData
wsprintfW

gdi32

SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
DeleteObject
SelectObject
SetBkMode

advapi32

CryptGenRandom
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey

shell32

ord680
ShellExecuteExW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

msimg32

GradientFill

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
14b94844b99ac43c014ea73c3400097e3239a7307d1618e84159a741ab0e8ac3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe
.exe windows:5 windows x86 arch:x86

3ee8aa55414a94ea0a841ea0069bd261

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\New folder\Release\NEFILIM.pdb

Imports

kernel32

GetTickCount
GetProcessHeap
WriteFile
Sleep
ReadFile
CreateFileW
GetFileSizeEx
GetStdHandle
GetLastError
SetLastError
GetProcAddress
MoveFileW
GetLogicalDrives
LoadLibraryA
lstrcmpiW
FindNextFileW
CloseHandle
CreateThread
ExitProcess
GetModuleFileNameW
WideCharToMultiByte
ExitThread
MultiByteToWideChar
CreateMutexA
WaitForSingleObject
HeapFree
SetFilePointerEx
GetCurrentProcess
HeapAlloc
GetDriveTypeW
lstrlenA
FindFirstFileW
FindClose
GetSystemDefaultLangID
GetStringTypeW
LCMapStringW
IsValidCodePage
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
HeapReAlloc
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP

advapi32

CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptHashData

shell32

ShellExecuteW

shlwapi

PathFindExtensionW
PathIsDirectoryW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2e6f094748124800d8cf6bdb28bb8aa4caa066923cf3e9778dae8bcb2b6e85ec.exe
2e96b55980a827011a7e0784ab95dcee53958a1bb19f5397080a434041bbeeea.exe
.exe windows:6 windows x86 arch:x86

ec5356d8e0f77a28432ffd3fb34115c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
lstrcpyW
CreateIoCompletionPort
CreateTimerQueue
GetCurrentProcess
SetProcessShutdownParameters
LocalAlloc
GetCurrentThread
LocalFree
GetSystemWindowsDirectoryW
QueryDosDeviceW
FindFirstFileW
SetPriorityClass
FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
GetVersionExW
K32GetProcessImageFileNameW
DuplicateHandle
CreateToolhelp32Snapshot
GetExitCodeThread
ProcessIdToSessionId
Process32NextW
K32GetProcessMemoryInfo
Process32FirstW
GetNativeSystemInfo
LoadLibraryW
Module32FirstW
GetWindowsDirectoryW
GetProcAddress
WTSGetActiveConsoleSessionId
CreateProcessW
GetModuleHandleW
CreateRemoteThread
Module32NextW
QueryFullProcessImageNameW
K32GetMappedFileNameW
CreateFileMappingW
GetTickCount
lstrcmpW
IsWow64Process
VirtualQueryEx
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetComputerNameExW
GlobalMemoryStatusEx
ReadProcessMemory
GetStdHandle
GetEnvironmentVariableW
GetFileType
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageW
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
CancelIo
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
SetCurrentDirectoryW
Wow64RevertWow64FsRedirection
Sleep
OpenProcess
Wow64DisableWow64FsRedirection
GetCommandLineW
WideCharToMultiByte
GetLocalTime
PostQueuedCompletionStatus
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
MapViewOfFile
CreateEventA
CreateFileMappingA
ResetEvent
SetEvent
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateMutexW
WaitForMultipleObjects
AllocConsole
GetConsoleWindow
ReadFile
SetConsoleCP
GetFileTime
GetDriveTypeW
FindNextVolumeW
GetSystemTime
GetVolumePathNamesForVolumeNameW
CopyFileW
SystemTimeToFileTime
FindVolumeClose
SetVolumeMountPointW
GetDiskFreeSpaceExW
ExitThread
SetFileTime
IsValidLocale
GetConsoleOutputCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
ExitProcess
ResumeThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
DeviceIoControl
lstrlenW
FindFirstVolumeW
GetLogicalDrives
GetVolumeInformationW
CreateDirectoryW
lstrcmpiW
MultiByteToWideChar
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
SwitchToThread
TryEnterCriticalSection
AreFileApisANSI
GetFullPathNameW
GetQueuedCompletionStatus
DeleteTimerQueue
DeleteCriticalSection
FindFirstFileExW
GetCurrentDirectoryW
QueryPerformanceFrequency
GetStringTypeW
CreateTimerQueueTimer
CreateFileW
GetFileSizeEx
GetModuleFileNameW
FlushFileBuffers
MoveFileW
SetFilePointerEx
CloseHandle
DeleteFileW
GetLastError
SetEndOfFile
WriteFile
HeapSize

user32

wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
wvsprintfW
GetMessageW
UnregisterHotKey
PostMessageW
ShowWindow
PeekMessageW
RegisterHotKey

advapi32

ReportEventW
RevertToSelf
GetTokenInformation
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
ConvertSidToStringSidW
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeNameW
RegCloseKey
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
LookupPrivilegeValueW
QueryServiceStatusEx
DuplicateTokenEx
EnumServicesStatusW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
EqualSid
CreateWellKnownSid
GetUserNameW
LookupAccountSidW
CloseServiceHandle
OpenSCManagerW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
OpenServiceW
SetThreadToken

shell32

CommandLineToArgvW
SHCreateItemFromParsingName
SHEmptyRecycleBinW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoGetObject
CoInitializeEx
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

StrStrIA
PathFileExistsW
StrStrIW
PathRemoveFileSpecW
PathStripPathW
PathFindExtensionW
PathGetArgsW
PathRemoveExtensionW
StrStrW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

gethostbyname
closesocket
WSAIoctl
bind
recv
send
WSASocketW
WSAStartup
socket
WSAAddressToStringW
WSAGetLastError
setsockopt
htons
WSACleanup
shutdown
inet_ntop
getsockopt
gethostname
WSASetLastError
inet_ntoa

iphlpapi

GetIpNetTable
GetAdaptersInfo

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

rstrtmgr

RmGetList
RmShutdown
RmStartSession
RmRegisterResources
RmEndSession

everything32

Everything_GetNumResults
Everything_SetRequestFlags
Everything_Exit
Everything_CleanUp
Everything_GetLastError
Everything_QueryW
Everything_GetResultFullPathNameW
Everything_GetResultSize
Everything_DeleteRunHistory
Everything_SetSort
Everything_IsDBLoaded
Everything_SetSearchW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
34c392448fc0818278cd19bb0841adf573e967be8a0f73bb42bb367a5835b6ea.exe
.exe windows:5 windows x86 arch:x86

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
EnterCriticalSection
ReleaseMutex
CloseHandle

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
37d8add251cb4179224ebbc0e28f8d9e26b5e64bbaec37f26a996bf51556f04c.exe
.exe windows:5 windows x86 arch:x86

02ed3575b7f1b355edc24642727fb2e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Legion\source\repos\last project\Release\curl.pdb

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
GetDateFormatW
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindFirstFileExA
IsValidCodePage
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
ExitProcess
CreateFileW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CreateDirectoryExW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

Sections

.text
Size: 981KB - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3a7265305386f955adbeb6bd7c711f03395963ac36be82e5bb6b1d7b2034c859.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
49aca08f5b259860364fc224601a944aa17161bb1da688e24621038457472d24.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4a2ad49c934f9ae6ca6b5d0c7cc34f5e12d349640012fa8cf8eb7e2d3acd6c9f.exe
.exe windows:5 windows x86 arch:x86

ae80b4ecb14ba8e602aaba0e2180c87d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CryptBinaryToStringA
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetOpenA
HttpSendRequestA

shlwapi

PathRemoveExtensionW
StrCmpNIA
StrToIntA
StrChrA
StrToInt64ExA
StrSpnA
PathFindFileNameW
StrStrIA
StrCmpNW
StrChrIA
StrCpyNW
PathMatchSpecW
StrCmpNIW
StrPBrkA
PathCombineW
PathSkipRootW
StrStrIW
PathUnquoteSpacesW
StrChrW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

imagehlp

CheckSumMappedFile

ws2_32

htons
sendto
socket
WSAStartup
inet_ntoa
inet_addr
htonl
shutdown
closesocket
gethostbyname

kernel32

WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
Sleep
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
CreateEventW
SizeofResource
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
CreateThread
LoadResource
FindResourceW
FreeResource
LocalFree
ExitProcess
lstrcpynA
MultiByteToWideChar
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
lstrcpynW
TerminateProcess
FlushInstructionCache
SetFilePointerEx
GetTempPathW
VirtualAllocEx
CreateFileMappingW
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetCurrentProcess
GetCurrentThreadId
SetFilePointer
SetThreadPriority
WaitForMultipleObjects
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
GetFileAttributesA
lstrlenA
SearchPathW
lstrcpyA
GetEnvironmentVariableW
IsBadWritePtr
TlsAlloc
GetVersionExW
lstrcmpiA
GetTickCount
GetModuleFileNameA
GetDateFormatW
GetProcAddress
lstrlenW
lstrcatW
MulDiv
GetSystemDirectoryW
CreateToolhelp32Snapshot
LockResource
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
GetVolumeInformationW
GetLastError
OpenMutexW
VirtualProtect
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
GetModuleHandleA
QueryDosDeviceW
FindNextFileW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
GetComputerNameA
lstrcmpiW
ExpandEnvironmentStringsW
CreateDirectoryW
Process32NextW
GetSystemInfo
OpenProcess
GetCurrentThread
IsBadStringPtrA
GetHandleInformation
IsBadCodePtr
IsBadStringPtrW
RtlUnwind
CreateFileW
FlushFileBuffers
Process32FirstW
IsBadReadPtr

advapi32

RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
LookupPrivilegeValueW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
RegSetValueExW
RegFlushKey
RegOpenKeyW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumValueW
RegEnumKeyW
CryptDestroyKey
CryptAcquireContextW
CryptGetKeyParam
RegDeleteValueW
CryptEncrypt
RegQueryValueExW

user32

wsprintfW
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
PeekMessageW
TranslateMessage
wsprintfA
CharLowerBuffA
GetSystemMetrics
GetKeyboardLayoutList
ReleaseDC
SystemParametersInfoW
GetDC
DrawTextA
FillRect
GetLastInputInfo
RegisterClassExW
UnregisterClassW
GetForegroundWindow

ole32

CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHChangeNotify

ntdll

ZwOpenSection
RtlFreeUnicodeString
NtDeleteFile
isspace
RtlDosPathNameToNtPathName_U
memmove
ZwOpenProcess
ZwClose
ZwOpenDirectoryObject
ZwQuerySystemInformation
_chkstk
ZwQueryInformationProcess
_allmul
memcpy
_alldiv
memset
_aulldvrm
NtQueryVirtualMemory

oleaut32

SysAllocString
SysFreeString

gdi32

SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5199b64b50f678d75f85cb0c3ac97d7df67f23471815e21236b1a790d008fe3c.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
55c30024aed833336eb4720a1a4a40c78496efb27b3c4d5c3f1d1b5935c12715.exe
.exe windows:5 windows x86 arch:x86

851a0ba8fbb71710075bdfe6dcef92eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetUseConnectionW
WNetOpenEnumW
WNetCloseEnum

ws2_32

ioctlsocket
getpeername
ntohl
select
WSAGetLastError
htons
recv
socket
closesocket
getsockopt
WSAAddressToStringW
htonl
connect

iphlpapi

GetIpAddrTable

winhttp

WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest

kernel32

FindClose
FindNextFileW
SystemTimeToFileTime
OpenProcess
FindFirstFileW
MoveFileW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
GetLocalTime
ExitProcess
SetFilePointer
WaitForSingleObject
GetComputerNameW
SetEvent
GetLogicalDrives
GetTickCount
Sleep
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
CreateEventW
WaitForMultipleObjects
CloseHandle
SetFileAttributesW
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
AllocConsole
WriteFile
WideCharToMultiByte
WriteConsoleW
GetStdHandle
CreateMutexW
CreateProcessW
GetCurrentProcess
SetHandleInformation
HeapFree
GetLocaleInfoW
ReadProcessMemory
TerminateProcess
GetModuleFileNameW
FlushFileBuffers
OpenMutexW
GetLastError
GetProcAddress
Process32FirstW
GetExitCodeThread
CreatePipe
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
ReleaseMutex
GetVersion
DeleteFileW
GetCurrentProcessId
GetVolumeInformationW
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapReAlloc
QueryPerformanceCounter

user32

GetWindowThreadProcessId
GetShellWindow

advapi32

FreeSid
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
EqualSid
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
LookupAccountSidW
AllocateAndInitializeSid
DuplicateTokenEx
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoGetObject
CoInitializeEx
CoUninitialize

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
56f7b48f3877743c44aef0f3e990b3387dd6185f1c40a7477f5b6bad64960659.exe
.exe windows:4 windows x86 arch:x86

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe

user32

wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC

gdi32

CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits

advapi32

CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
SHGetSpecialFolderPathW

msimg32

GradientFill

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5a96b929383817aa298eec8cca019bcd984fcd71dd8ee353541392c1082756a4.exe
.exe windows:5 windows x86 arch:x86

851a0ba8fbb71710075bdfe6dcef92eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetUseConnectionW
WNetOpenEnumW
WNetCloseEnum

ws2_32

ioctlsocket
getpeername
ntohl
select
WSAGetLastError
htons
recv
socket
closesocket
getsockopt
WSAAddressToStringW
htonl
connect

iphlpapi

GetIpAddrTable

winhttp

WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest

kernel32

FindClose
FindNextFileW
SystemTimeToFileTime
OpenProcess
FindFirstFileW
MoveFileW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
GetLocalTime
ExitProcess
SetFilePointer
WaitForSingleObject
GetComputerNameW
SetEvent
GetLogicalDrives
GetTickCount
Sleep
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
CreateEventW
WaitForMultipleObjects
CloseHandle
SetFileAttributesW
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
AllocConsole
WriteFile
WideCharToMultiByte
WriteConsoleW
GetStdHandle
CreateMutexW
CreateProcessW
GetCurrentProcess
SetHandleInformation
HeapFree
GetLocaleInfoW
ReadProcessMemory
TerminateProcess
GetModuleFileNameW
FlushFileBuffers
OpenMutexW
GetLastError
GetProcAddress
Process32FirstW
GetExitCodeThread
CreatePipe
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
ReleaseMutex
GetVersion
DeleteFileW
GetCurrentProcessId
GetVolumeInformationW
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapReAlloc
QueryPerformanceCounter

user32

GetWindowThreadProcessId
GetShellWindow

advapi32

FreeSid
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
EqualSid
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
LookupAccountSidW
AllocateAndInitializeSid
DuplicateTokenEx
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoGetObject
CoInitializeEx
CoUninitialize

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
606b88fce1441e6d83e1fb2ba1b511e4a9e68f7fc01c55b7c53e08fd28f9a0c4.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6bda9faf719bb7a55e822667d909086193d323d8fa06b1a3d62437fcf6a9e24b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
71b46e95fba31267475537a338f49ce1cd0bc56c0f15346b05b673051cbe90a8.exe
.exe windows:5 windows x86 arch:x86

851a0ba8fbb71710075bdfe6dcef92eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetUseConnectionW
WNetOpenEnumW
WNetCloseEnum

ws2_32

ioctlsocket
getpeername
ntohl
select
WSAGetLastError
htons
recv
socket
closesocket
getsockopt
WSAAddressToStringW
htonl
connect

iphlpapi

GetIpAddrTable

winhttp

WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest

kernel32

FindClose
FindNextFileW
SystemTimeToFileTime
OpenProcess
FindFirstFileW
MoveFileW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
GetLocalTime
ExitProcess
SetFilePointer
WaitForSingleObject
GetComputerNameW
SetEvent
GetLogicalDrives
GetTickCount
Sleep
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
CreateEventW
WaitForMultipleObjects
CloseHandle
SetFileAttributesW
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
AllocConsole
WriteFile
WideCharToMultiByte
WriteConsoleW
GetStdHandle
CreateMutexW
CreateProcessW
GetCurrentProcess
SetHandleInformation
HeapFree
GetLocaleInfoW
ReadProcessMemory
TerminateProcess
GetModuleFileNameW
FlushFileBuffers
OpenMutexW
GetLastError
GetProcAddress
Process32FirstW
GetExitCodeThread
CreatePipe
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
ReleaseMutex
GetVersion
DeleteFileW
GetCurrentProcessId
GetVolumeInformationW
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapReAlloc
QueryPerformanceCounter

user32

GetWindowThreadProcessId
GetShellWindow

advapi32

FreeSid
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
EqualSid
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
LookupAccountSidW
AllocateAndInitializeSid
DuplicateTokenEx
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoGetObject
CoInitializeEx
CoUninitialize

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7d98972d5c78e1d4969da76856d6818942b606c267efa67fd31d39ae77497e9c.exe
.exe windows:6 windows x86 arch:x86

d999d23008cd11044758e92d9fe0a834

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
GetLogicalDrives
CreateMutexA
GetCurrentProcessId
ExitProcess
TerminateProcess
OpenProcess
GetModuleFileNameA
Sleep
CopyFileA
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateThread
CreateFileW
GetConsoleCP
GetFullPathNameW
GetFileAttributesA
FindNextFileW
FindFirstFileExW
FindClose
MoveFileA
lstrcmpiA
CloseHandle
WriteFile
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileSizeEx
OpenMutexA
CreateFileA
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
EncodePointer
GetModuleHandleExW
HeapValidate
GetSystemInfo
GetStdHandle
GetACP
GetStringTypeW
GetCurrentThread
GetFileType
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapReAlloc
HeapQueryInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
DecodePointer

user32

wsprintfA

advapi32

CryptEncrypt
CryptImportKey
CryptExportKey
CryptSetKeyParam
CryptDestroyKey
CryptGenKey
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
CryptDecrypt

shell32

ShellExecuteA

shlwapi

PathFindFileNameA

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
87b9b910d5d5a053e3b39989cc6fd51601abdaea207a26c765f21f43a4cd4dcb.exe
.exe windows:6 windows x86 arch:x86

202fa14f574c71c2f95878e40a79322d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetTickCount
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcmpW
lstrlenW
SetVolumeMountPointW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
GetCommandLineW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetCurrentProcess
ReadFile
SetFileAttributesW
SetFilePointerEx
WaitForSingleObject
CreateMutexA
WaitForMultipleObjects
GetCurrentProcessId
ExitProcess
CreateThread
ExitThread
SetProcessShutdownParameters
GetSystemInfo
lstrcmpiW
lstrcpyW
lstrcatW
OpenMutexA
MoveFileExW
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
CreateSemaphoreA
TerminateProcess
Sleep
GetLastError
CloseHandle
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
FindVolumeClose
FindNextVolumeW
GetLogicalDrives
FindFirstVolumeW

user32

wsprintfA

advapi32

QueryServiceStatusEx
OpenSCManagerA
EnumDependentServicesA
ControlService
CloseServiceHandle
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
OpenServiceA

shell32

SHEmptyRecycleBinA
CommandLineToArgvW
ShellExecuteW

netapi32

NetShareEnum
NetApiBufferFree

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8958d7b8c51215d6a27444b2760f1ce843a414d380052e6e71c2af6e9ab69ce2.exe
.exe windows:5 windows x86 arch:x86

216df81b1ef7bc2aa8ec52bbeef137c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

activeds

ord9
ord15

kernel32

CreateProcessW
GetSystemTime
lstrlenW
LocalFree

advapi32

CheckTokenMembership
CreateWellKnownSid

ole32

CoCreateInstance
CoSetProxyBlanket

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ab5be9e6911b43f0974e01dabec772b968274d9b5ea39ba2ad7cd294056e5d09.exe
.exe windows:5 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b228a698ee826b42e19307f2d34c2620819a67a0e98fd2af08aae570b8178cc0.exe
.exe windows:5 windows x86 arch:x86

2bb3003ccae03cc3071abb5c44555c92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetFilePointerEx
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
ExitProcess
GetEnvironmentVariableW
GetTempFileNameW
FindFirstFileW
SetFilePointer
lstrcpynA
CreateProcessW
MoveFileExW
GetLogicalDrives
lstrcpyA
GetDriveTypeA
Sleep
CopyFileW
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
lstrcmpiA
FindClose
lstrcmpiW
lstrcatW
FindNextFileW
CompareStringA
lstrcpyW
SetFileAttributesW
HeapFree
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrlenW
lstrcatA
CreateProcessA
HeapCreate
GetProcessHeap
HeapAlloc
GetCommandLineA

user32

wsprintfA

advapi32

RegCloseKey
GetCurrentHwProfileW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

ole32

CoCreateGuid
StringFromGUID2

shlwapi

PathRemoveFileSpecW
StrStrA
PathFindFileNameW

Sections

odyqxub
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c864a70f78fb972f505ae5b13c0ad984e64c547194beb258926bb4c323fac31d.exe
.exe windows:5 windows

2bb3003ccae03cc3071abb5c44555c92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetFilePointerEx
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
ExitProcess
GetEnvironmentVariableW
GetTempFileNameW
FindFirstFileW
SetFilePointer
lstrcpynA
CreateProcessW
MoveFileExW
GetLogicalDrives
lstrcpyA
GetDriveTypeA
Sleep
CopyFileW
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
lstrcmpiA
FindClose
lstrcmpiW
lstrcatW
FindNextFileW
CompareStringA
lstrcpyW
SetFileAttributesW
HeapFree
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrlenW
lstrcatA
CreateProcessA
HeapCreate
GetProcessHeap
HeapAlloc
GetCommandLineA

user32

wsprintfA

advapi32

RegCloseKey
GetCurrentHwProfileW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

ole32

CoCreateGuid
StringFromGUID2

shlwapi

PathRemoveFileSpecW
StrStrA
PathFindFileNameW

Sections

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cfd5d9a4e67799f2428c6071dcc13fcf726f49ec3e706f0302b4592a3a0a08f0.exe
.exe windows:5 windows

2bb3003ccae03cc3071abb5c44555c92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetFilePointerEx
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
ExitProcess
GetEnvironmentVariableW
GetTempFileNameW
FindFirstFileW
SetFilePointer
lstrcpynA
CreateProcessW
MoveFileExW
GetLogicalDrives
lstrcpyA
GetDriveTypeA
Sleep
CopyFileW
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
lstrcmpiA
FindClose
lstrcmpiW
lstrcatW
FindNextFileW
CompareStringA
lstrcpyW
SetFileAttributesW
HeapFree
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrlenW
lstrcatA
CreateProcessA
HeapCreate
GetProcessHeap
HeapAlloc
GetCommandLineA

user32

wsprintfA

advapi32

RegCloseKey
GetCurrentHwProfileW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

ole32

CoCreateGuid
StringFromGUID2

shlwapi

PathRemoveFileSpecW
StrStrA
PathFindFileNameW

Sections

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
da6f543313480695aab95a5e685741a8d185fba0600363f74063eb1cda0f672e.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e05323d9ca6df47d9add5b2f757ea2490ebd11dfe1b56b82a9e93ba9d814e162.exe
.exe windows:5 windows x86 arch:x86

f2446e70194057c6d86e5807958fb117

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtSetInformationFile
RtlUnwind
NtQueryInformationFile
NtWriteFile
NtCreateFile
NtReadFile
NtClose
RtlDosPathNameToNtPathName_U
RtlFreeHeap

shlwapi

wvnsprintfA
PathCombineW

wininet

InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetCrackUrlW

mapi32

ord11
ord23
ord21

kernel32

ExitProcess
LCMapStringW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
WideCharToMultiByte
WriteFile
FreeEnvironmentStringsW
GetCPInfo
SetLastError
TlsFree
TlsSetValue
MultiByteToWideChar
OutputDebugStringA
GetCurrentProcess
GetTickCount
GetCurrentThread
GetProcessHeap
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetThreadTimes
LoadLibraryW
Sleep
GetProcAddress
GetFileSize
FindFirstFileW
ReadFile
CreateFileW
FindNextFileW
CloseHandle
LocalFree
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
HeapCreate
HeapSize
GetDriveTypeW
GetLogicalDriveStringsW
GetLongPathNameW
ExpandEnvironmentStringsW
GetModuleHandleW
SetUnhandledExceptionFilter
SetEndOfFile
MoveFileExW
CreateDirectoryW
FindFirstFileExW
GetEnvironmentStringsW
GetFileAttributesW
GetLastError
FindClose
DeleteFileW
SetFileAttributesW
GetNativeSystemInfo
GetComputerNameW
GetSystemTimeAsFileTime
GetVersionExW
CreateProcessW
TerminateProcess
GetModuleFileNameW
GetWindowsDirectoryW
CreateThread
CreateMutexW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
DecodePointer
EncodePointer
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
QueryPerformanceCounter
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
CopyFileW

user32

DefWindowProcW
UpdateWindow
GetSystemMetrics
CreateWindowExW
ShowWindow
RegisterClassExW
TranslateMessage
SetForegroundWindow
PostQuitMessage
GetMessageW
DispatchMessageW
GetClientRect
GetWindowLongW
SetWindowLongW
GetFocus
GetCapture
GetKBCodePage
GetForegroundWindow
GetDesktopWindow
GetActiveWindow
GetClipboardOwner
GetShellWindow
GetOpenClipboardWindow

advapi32

RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegFlushKey
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegSetValueExW
RegDeleteValueW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoGetClassObject
OleInitialize
OleSetContainedObject

oleaut32

VariantInit
SafeArrayAccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreate

Exports

Exports

__local_entry@4
__remote_entry@0

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ecfb5c95d0f3d112650ef4047936e8fa5244c21c921f6c7a6963e92abab4949d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f08c1c26d375f6881990756e39208017b02af75fca0ebddb72f5e5c14e20363f.exe
.exe windows:5 windows x86 arch:x86

8735e6cad23590d9b5b60978db488a28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
GetFileAttributesW
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
WaitForSingleObject
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateThread
Sleep
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
ExpandEnvironmentStringsW
lstrlenW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
lstrcmpiA
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
lstrcmpiW
VirtualFree
CreateThread
CloseHandle
lstrcatW
CreateFileMappingW
ExitThread
CreateFileW
GetModuleFileNameW
WriteFile
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetEnvironmentVariableW
lstrcpyA
GetModuleHandleA
VirtualAlloc
GetProcAddress
Process32FirstW
GetTempPathW
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
CreateProcessW
ExitProcess
IsProcessorFeaturePresent

user32

BeginPaint
wsprintfW
TranslateMessage
LoadCursorW
LoadIconW
MessageBoxA
GetMessageW
EndPaint
DestroyWindow
RegisterClassExW
ShowWindow
CreateWindowExW
SendMessageW
DispatchMessageW
DefWindowProcW
UpdateWindow
wsprintfA
GetForegroundWindow
SetWindowLongW

gdi32

TextOutW

advapi32

FreeSid
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetReadFile

psapi

EnumDeviceDrivers
GetDeviceDriverBaseNameW

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f354148b5f0eab5af22e8152438468ae8976db84c65415d3f4a469b35e31710f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\slam_ransomware_builder\ConsoleApp2\ConsoleApp2\obj\Debug\ConsoleApp2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f7caf7d69cef15d5c3b9983513e4e40edc3a31c5ead4139bc41d1500442a966a.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fcb68445068ebf4cd526d316622f9aa3e8065f9a9f42e5330f66f5cb160be393.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b7b88f9fba96375d4eebc5d049319af3

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: - Virtual size: 80KB

.ndata Size: 11KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 760B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 84KB - Virtual size: 84KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

3ee8aa55414a94ea0a841ea0069bd261

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

shlwapi

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 5KB

ec5356d8e0f77a28432ffd3fb34115c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

ws2_32

iphlpapi

netapi32

mpr

rstrtmgr

everything32

bcrypt

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 14KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 65KB - Virtual size: 64KB

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

File Characteristics

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 80KB

.ndata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 760B

.text
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 14KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 65KB - Virtual size: 64KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 42KB - Virtual size: 42KB

.text
Size: 981KB - Virtual size: 981KB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 29KB - Virtual size: 44KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 57KB - Virtual size: 56KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 33KB - Virtual size: 36KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 1024B - Virtual size: 976B

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B