RANSOMWARE11224[.]rar

Resubmissions

18-07-2024 07:25

240718-h84wjs1hpb 10

18-07-2024 07:19

240718-h51pqa1gng 10

17-07-2024 20:55

240717-zqkhmaydmq 10

17-07-2024 19:21

240717-x2pwdaycjb 10

Sharing

Copy URL

Twitter E-mail

General

Target

RANSOMWARE11224.rar
Size

6.5MB
MD5

6f34e6d90096072ff1a7fc295f2c8a17
SHA1

da305a3b884ea3acafcf1209ad24fc04f28bc7d3
SHA256

84bebbe2cc14519a656dd6ee54e892191872f7122ebf53ef6b2349a5218c11e1
SHA512

0ffa38a106c5ccdaa82b6a5a64b061bcf069125744d5c86cc800367c0d249885f725b89ebd27184bc66286590e2a6b9129d6614221c5cc7e6fe3cf1f2e7994f4
SSDEEP

196608:Wze5gvd12z//fon5Cvg/Hvq6t0Qp9DnaJJ3:uKgvdMs5PC6tZU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe
unpack001/72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe
unpack001/Bit Paymer.exe
unpack001/KeepCalm.exe
unpack001/LockedIn.exe
unpack001/Purge.exe
unpack001/Scarab.exe
unpack001/a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe
unpack001/a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe
unpack001/b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe
unpack001/cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe
unpack001/e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe
unpack001/fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe
unpack001/fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe

Files

RANSOMWARE11224.rar
.rar
2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe
.exe windows:5 windows x86 arch:x86

53249f65d2f64c09446341c1827aaa66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowExA
MessageBoxW
PostMessageA
ShowWindow
EndPaint
RegisterClassExA
DrawTextA
OemToCharA
IsDialogMessageW
RemovePropA
SendMessageW
SetWindowTextA
LoadCursorW
LoadImageA
HideCaret
GetClassNameW

odbctrac

TraceSQLError
TraceSQLCancel

kernel32

OpenMutexW
SetEvent
InterlockedDecrement
GetModuleHandleA
WaitForSingleObject
GetDiskFreeSpaceA
GetProcAddress
GetExpandedNameA
GetConsoleTitleA
DefineDosDeviceA
CreateEventW
CreateFileMappingA
ReleaseMutex
GetStartupInfoW
SystemTimeToFileTime
SetErrorMode
GetConsoleAliasW

Exports

Exports

iojraq

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE
72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bit Paymer.exe
.exe windows:4 windows x86 arch:x86

016fe50c549606ee977466a0e8cfdffa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetComputerNameExW

msvcrt

fwrite

netapi32

NetUserSetGroups

rpcrt4

I_RpcServerRegisterForwardFunction
RpcBindingFree

user32

SetDlgItemInt
GetWindowTextW
wsprintfW
wsprintfA
GetClipboardViewer
DdeGetLastError

msacm32

acmFormatDetailsW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0KEjK
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

-R*
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeepCalm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockedIn.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Artist\Documents\Visual Studio 2017\Projects\Data Locker\Data Locker\obj\Debug\Data Locker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NotPetya.dll
.dll windows:5 windows x86 arch:x86

52dd60b5f3c9e2f17c2e303e8c8d4eab

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5
Signer

Actual PE Digest

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
SetLastError
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
PeekNamedPipe
GetTempFileNameW
InterlockedExchange
LeaveCriticalSection
MultiByteToWideChar
CreateFileA
GetTickCount
CreateThread
LocalFree
FindNextFileW
CreateFileMappingW
LocalAlloc
FindClose
GetFileSizeEx
CreateFileW
Sleep
FlushViewOfFile
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CloseHandle
DeviceIoControl
GetLastError
GetSystemDirectoryA
ReadFile
WriteFile
GetProcessHeap
InitializeCriticalSection
HeapReAlloc
GetWindowsDirectoryW
EnterCriticalSection
HeapFree
SetFilePointerEx
HeapAlloc
FindResourceW

user32

ExitWindowsEx
wsprintfA
wsprintfW

advapi32

CryptGenRandom
CryptAcquireContextA
CryptExportKey
CryptAcquireContextW
CreateProcessAsUserW
InitiateSystemShutdownExW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
CredEnumerateW
CredFree
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptReleaseContext

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CryptDecodeObjectEx

shlwapi

PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
StrCmpW
StrCmpIW
StrChrW
StrCatW
StrStrW
PathFindExtensionW
PathCombineW
StrStrIW

iphlpapi

GetIpNetTable
GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
__WSAFDIsSet
ntohl
ioctlsocket
connect
inet_addr
select
recv
send
htons
closesocket
socket
WSAStartup

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum

netapi32

NetServerEnum
NetApiBufferFree
NetServerGetInfo

dhcpsapi

DhcpEnumSubnetClients
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets

msvcrt

malloc
_itoa
free
memset
rand
memcpy

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purge.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\beary\onedrive\documents\visual studio 2017\Projects\PurgeRansomware\PurgeRansomware\obj\Debug\PurgeRansomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Scarab.exe
.exe windows:5 windows x86 arch:x86

ac42624e1c698c88c9c9c11516c26efc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetTickCount
GlobalAlloc
GetFileAttributesA
GetCompressedFileSizeA
CreateFileW
GetFileSizeEx
GetLastError
GetProcAddress
CloseHandle
CreateFileA
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
HeapFree
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
GetModuleHandleA
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

DlgDirSelectExW
PeekMessageA
EndPaint

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe
.exe windows:5 windows x86 arch:x86

c516e8516238a871ed55c8931b909393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
CloseHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
IsProcessorFeaturePresent
HeapFree
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
Sleep
LCMapStringW
GetStringTypeW
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
WriteConsoleW
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
lstrcpyA
CreateThread
lstrcpyW
GetVersionExA
GetModuleHandleA
GetProfileStringA
LoadLibraryA
GetLocalTime
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
GlobalUnlock
lstrlenW
lstrcatA
MulDiv
HeapCreate
WideCharToMultiByte
CreateFileW
GetCurrentThreadId
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GlobalAlloc
InitializeCriticalSection
WaitForSingleObject
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GlobalLock
HeapAlloc
GetComputerNameA
MultiByteToWideChar

user32

GetClientRect
GetClassLongA
CopyRect
ValidateRect
EnumDisplayDevicesA
LoadCursorA
FindWindowA
UpdateWindow
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
AppendMenuA
FrameRect
GetSysColorBrush
ShowWindow
LoadAcceleratorsA
GetDesktopWindow
DefWindowProcA
GetDlgItem
SetClassLongA
TranslateAcceleratorA
EnableMenuItem
ReleaseDC
EndPaint
SetCursor
GetMessageA
CreateWindowExA
LoadStringA
GetFocus
LoadBitmapA
LoadMenuA
LoadIconA
IsWindowEnabled
FindWindowExA
GetWindowRect
CreateMenu
SendMessageA
BeginPaint
GetDC
TranslateMessage
ShowCursor
GetMenu
GetWindowPlacement
SetWindowLongA
GetWindowLongA

gdi32

ExtTextOutA
GetStockObject
GetPixel
CreateEllipticRgn
ExtCreatePen
MoveToEx
BitBlt
PatBlt
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectA
SetBkColor
CreateDCA
CreateBitmap
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
CreateRectRgn
CreatePen
GetTextMetricsA
SetROP2
SetTextAlign
EnumFontsA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
CommDlgExtendedError

advapi32

StartServiceW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA
StartTraceA
SetServiceStatus
LsaClose
CloseServiceHandle

shell32

SHQueryRecycleBinA
SHGetFileInfoA
DragAcceptFiles
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal
StgCreateDocfile
CoInitialize
CoMarshalInterface
CoUnmarshalInterface
CreateBindCtx
CoCreateInstance
GetHGlobalFromStream

oleaut32

OleCreatePictureIndirect

netapi32

NetUserEnum
NetApiBufferFree
NetUserAdd
NetLocalGroupAddMember

comctl32

CreatePropertySheetPageW
ord17

pdh

PdhBrowseCountersA
PdhMakeCounterPathA
PdhOpenQueryA

imm32

ImmGetDefaultIMEWnd
ImmGetContext

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

uxtheme

DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent

usp10

ScriptGetGlyphABCWidth
ScriptFreeCache

snmpapi

SnmpUtilMemFree
SnmpUtilMemAlloc

mscms

OpenColorProfileA

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe
.exe windows:4 windows x86 arch:x86

9ecee117164e0b870a53dd187cdd7174

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
GetCurrentThread
ReadFile
GetFileSize
CreateFileA
MoveFileExA
SizeofResource
TerminateThread
LoadResource
FindResourceA
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameA
LocalFree
LocalAlloc
CloseHandle
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
LockResource
Sleep
GetStartupInfoA
GetModuleHandleA

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
CryptGenRandom
CryptAcquireContextA
OpenServiceA

ws2_32

closesocket
recv
send
htonl
ntohl
WSAStartup
inet_ntoa
ioctlsocket
select
htons
socket
connect
inet_addr

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

msvcrt

__set_app_type
_stricmp
__p__fmode
__p__commode
_except_handler3
__setusermatherr
_initterm
__getmainargs
_acmdln
_adjust_fdiv
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
??2@YAPAXI@Z
_ftol
sprintf
_endthreadex
strncpy
rand
_beginthreadex
__CxxFrameHandler
srand
time
__p___argc

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe
.exe windows:4 windows x86 arch:x86

4a903567b2a1e8685c977b5dfd30037d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetLocalTime
GetLastError
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetFilePointer
CloseHandle
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
LoadLibraryA
InterlockedExchange
VirtualQuery
VirtualProtect
GetSystemInfo
CreateFileW
GetACP
GetOEMCP
HeapSize
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe
.exe windows:5 windows x86 arch:x86

62af716748ca42001336a27fa2f4b371

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
GetUserNameW

user32

MessageBoxA
CharNextW
LoadStringW
CreateWindowExW
UnregisterClassW
TranslateMessage
ReleaseDC
RegisterClassExW
PostMessageW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetKeyboardLayout
GetForegroundWindow
GetDesktopWindow
GetDC
GetClientRect
EnumWindows
DispatchMessageW
DefWindowProcW
CharUpperBuffW
CharUpperW
CharLowerBuffW
CallNextHookEx
CharLowerBuffA
CharUpperBuffA
ActivateKeyboardLayout

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
OpenProcess
MoveFileW
LockResource
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetShortPathNameW
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateMutexW
CreateFileW
CreateEventW
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Sleep
GetVersionExW

gdi32

SelectObject
GetObjectA
GetObjectW
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shfolder

SHGetFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

shell32

ShellExecuteW
FindExecutableW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

crypt32

CryptUnprotectData
CryptUnprotectData

Exports

Exports

SLClose
SLConsumeRight
SLConsumeWindowsRight
SLDepositOfflineConfirmationId
SLFireEvent
SLGenerateOfflineInstallationId
SLGetApplicationInformation
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetInstalledSAMLicenseApplications
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSAMLicense
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformation
SLGetWindowsInformationDWORD
SLInstallLicense
SLInstallProofOfPurchase
SLInstallSAMLicense
SLIsWindowsGenuineLocal
SLOpen
SLReArmWindows
SLRegisterEvent
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUninstallSAMLicense
SLUnregisterEvent
SLUnregisterWindowsEvent
SLpCheckProductKey
SLpGetGenuineLocal
SLpUpdateComponentTokens
TMethodImplementationIntercept

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 539KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 28B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe
.exe windows:5 windows x86 arch:x86

5ba4e678a6340059fb43bdbcf8fb8c57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimes
GlobalAlloc
LoadLibraryW
GetProcAddress
AddAtomA
FindAtomW
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
HeapSize
CreateFileA
CloseHandle

user32

GetMessageTime
CloseClipboard

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe
.exe windows:5 windows x86 arch:x86

0007f1b6ac8d35411ce207643bd2505c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcpynW
WriteProfileStringW
WritePrivateProfileSectionW
WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
UnhandledExceptionFilter
TerminateProcess
SystemTimeToFileTime
Sleep
SetVolumeLabelA
SetUnhandledExceptionFilter
SetThreadUILanguage
SetThreadContext
SetProcessShutdownParameters
SetMailslotInfo
SetLastError
SetHandleInformation
SetFileApisToOEM
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReleaseActCtx
ReadFile
ReadConsoleInputA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
LockFile
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
IsDebuggerPresent
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSection
HeapSetInformation
HeapAlloc
Heap32ListFirst
Heap32First
GlobalFlags
GetTickCount
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemPowerStatus
GetStartupInfoW
GetProcessHeap
GetProcAddress
GetNamedPipeHandleStateA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLocalTime
GetLastError
GetFileSizeEx
GetFileInformationByHandle
ActivateActCtx
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FlushFileBuffers
ExitProcess
EnumResourceLanguagesW
EnterCriticalSection
EncodePointer
DeleteFileW
DeleteCriticalSection
DecodePointer
DeactivateActCtx
CreateThread
CreateSemaphoreW
CreateFileW
CreateEventW
CreateDirectoryW
CreateConsoleScreenBuffer
CreateActCtxW
CloseHandle
HeapFree

user32

GetKeyboardType
GetClipboardViewer
GetKeyState
CopyIcon
GetMessagePos
InSendMessage
AnyPopup
IsGUIThread
CloseDesktop
GetSystemMetrics
GetCaretBlinkTime
GetDialogBaseUnits
GetOpenClipboardWindow
GetDesktopWindow
LoadCursorFromFileA
CountClipboardFormats
OpenIcon
IsMenu
LoadCursorFromFileW
IsWindowUnicode
GetQueueStatus
CharLowerA
GetClipboardSequenceNumber
GetShellWindow
CharNextW
GetWindowTextLengthA
IsIconic
VkKeyScanA
CloseClipboard
GetClipboardOwner
GetProcessWindowStation
PaintDesktop
GetDoubleClickTime
CreatePopupMenu
GetSysColor
IsWindow
IsClipboardFormatAvailable
IsCharUpperW
DestroyIcon
GetAsyncKeyState
GetWindowTextLengthW
IsCharAlphaA
IsCharAlphaNumericA
DestroyWindow
CharUpperA
GetMenuContextHelpId
wsprintfW
TranslateMessage
TranslateAcceleratorW
SetWindowContextHelpId
SetDoubleClickTime
RegisterClassW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
MapVirtualKeyExA
LoadStringW
LoadCursorW
GetUserObjectInformationW
GetThreadDesktop
GetScrollInfo
GetMessageTime
GetMessageA
GetKeyboardLayoutNameW
GetDlgCtrlID
GetClassLongW
GetAltTabInfoW
EndDialog
DrawIconEx
DispatchMessageW
IsCharLowerW
GetInputState
DestroyCursor
LoadIconA
CharNextA
EndMenu
GetFocus
ShowCaret
DestroyMenu
GetDC
GetActiveWindow
IsCharLowerA
CreateMenu
IsWindowEnabled
OemKeyScan
CloseWindow
VkKeyScanW
IsCharAlphaW
GetWindowContextHelpId
CharLowerW
GetWindowDC
GetKeyboardLayout
CharUpperW
CreateWindowExW
DefWindowProcW
LoadIconW

gdi32

GdiEntry14
GdiFullscreenControl
GdiGetSpoolMessage
GetCharWidthI
GetCurrentPositionEx
GetDCOrgEx
GetEnhMetaFileDescriptionA
GetFontAssocStatus
GetMetaFileA
GetMetaFileBitsEx
GetRgnBox
GetStockObject
GetTextMetricsW
PathToRegion
PolyPolyline
PolyTextOutW
SelectPalette
SetDCPenColor
SetTextColor
XFORMOBJ_bApplyXform
bMakePathNameW
GetEnhMetaFileA
AbortDoc
GetLayout
GetPixelFormat
CloseFigure
DeleteDC
AddFontResourceA
GetGraphicsMode
DeleteObject
GetObjectType
GdiConvertRegion
WidenPath
BeginPath
SwapBuffers
GetPolyFillMode
GetBkMode
GetColorSpace
GetFontLanguageInfo
SaveDC
CreatePatternBrush
GdiGetBatchLimit
SetMetaRgn
DeleteColorSpace
UnrealizeObject
AbortPath
CreateCompatibleDC
CancelDC
StrokePath
RealizePalette
GetSystemPaletteUse
EndPath
FlattenPath
GetTextAlign
CreateMetaFileW
GetBkColor
UpdateColors
GetDCPenColor
GdiFlush
GetTextCharset
CreateMetaFileA
EngTextOut
EngCreateBitmap
EngCopyBits
EngAssociateSurface
EndFormPage
EndDoc
DescribePixelFormat
DeleteEnhMetaFile
CreateSolidBrush
CreateScalableFontResourceA
AddFontResourceW
CLIPOBJ_ppoGetPath
CloseEnhMetaFile
CopyEnhMetaFileA
CopyMetaFileW
CreateDCA
CreateEllipticRgnIndirect
CreateICA
CreateRoundRectRgn
FillPath

advapi32

TraceEvent
UnregisterTraceGuids
RegOpenKeyW
SetEntriesInAclW
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetNamedSecurityInfoW

shell32

DragFinish
DragQueryFileW
ExtractAssociatedIconW
ExtractIconExA
ExtractIconExW
ExtractIconW
SHBrowseForFolderW
SHChangeNotify
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHGetDesktopFolder
SHGetFileInfoA
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
DragAcceptFiles

msvcrt

__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_controlfp
_except_handler3
_exit
_ftol
_initterm
_onexit
_wcmdln
exit
wcscat
wcscpy
wcslen
wcsncmp
__CxxFrameHandler
_XcptFilter
_EH_prolog
__dllonexit

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

53249f65d2f64c09446341c1827aaa66

Headers

File Characteristics

Imports

user32

odbctrac

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 265KB - Virtual size: 265KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 587KB - Virtual size: 586KB

.rsrc Size: 115KB - Virtual size: 115KB

.reloc Size: 512B - Virtual size: 12B

016fe50c549606ee977466a0e8cfdffa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

netapi32

rpcrt4

user32

msacm32

Sections

.text Size: 8KB - Virtual size: 4KB

.code Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 36KB

W0KEjK Size: 28KB - Virtual size: 27KB

-R* Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 580B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 117KB - Virtual size: 117KB

.sdata Size: 512B - Virtual size: 8B

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 516KB - Virtual size: 516KB

.rsrc Size: 132KB - Virtual size: 132KB

.reloc Size: 512B - Virtual size: 12B

52dd60b5f3c9e2f17c2e303e8c8d4eab

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 265KB - Virtual size: 265KB

.text
Size: 587KB - Virtual size: 586KB

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 4KB

.code
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 36KB

W0KEjK
Size: 28KB - Virtual size: 27KB

-R*
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 580B

.text
Size: 117KB - Virtual size: 117KB

.sdata
Size: 512B - Virtual size: 8B

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 516KB - Virtual size: 516KB

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 512B - Virtual size: 12B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 242KB - Virtual size: 241KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 262KB - Virtual size: 262KB