Downloads[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads.rar
Size

5.1MB
MD5

15850e52e9c87dc6ede614c3e255165b
SHA1

e0c10e296fa4b59a52fb84777808f42e94468118
SHA256

5b731e23be406f4b0e0908bccfba25798fa5fff5695191de760fe385a538688b
SHA512

29600f8b4a293a4258ddb0770ad5454aedad030297c43793cc28e78b547fe2e9f491dffd0c4794cf9f6d44f5b4d57d427db098588ad0fcc51a9d2b60712b640c
SSDEEP

98304:DCH8UrY74ZQuvUNNFRkQDXR16JBF6S900Kiw3k6Qijbf5VVIMUxai:DCH8RpuvUD5DXmhJm06LfhIz

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
static1/unpack001/bro what the fuckkk ur seriously beliving that.exe	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/big fat sexy dildo poop ransomware.exe	aspack_v212_v242

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/bro what the fuckkk ur seriously beliving that.exe	upx
static1/unpack001/cocksucker ransomware [COOL].exe	upx
static1/unpack001/fart poopy ransowmare.exe	upx
static1/unpack001/fuck you.exe	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/BitchTits Ransomware [VIP].exe
unpack001/WannaFartCry.exe
unpack001/Wannashiturself.exe
unpack001/big FAT tits RANSOMWARE.exe
unpack001/big fat sexy dildo poop ransomware.exe
unpack001/bro what the fuckkk ur seriously beliving that.exe
unpack002/out.upx
unpack001/cocksucker ransomware [COOL].exe
unpack001/fart poopy ransowmare.exe
unpack004/out.upx
unpack001/fart weewee ransomware.exe
unpack001/farting poop sex ransomware.exe
unpack001/farty poo poo ransomware.exe
unpack001/fuck you.exe
unpack001/large penis ransomware 2024.exe
unpack001/niggaware ransomware in 2029.exe
unpack001/pee poo piss piss ransomware rare.exe
unpack001/retard ransomware.exe

Files

Downloads.rar
.rar
BitchTits Ransomware [VIP].exe
.exe windows:4 windows x86 arch:x86

e09e73c4fea567b11f4f4705fae5bc58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
MessageBoxA
GetDesktopWindow

kernel32

CreateFileA
WriteFile
SetFilePointer
GetProcAddress
GetModuleHandleA
CloseHandle
ExitProcess

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WannaFartCry.exe
.exe windows:4 windows x86 arch:x86

a4f4c45e15e0c469158548704bbc0adf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

kernel32

GetCommandLineA
GetProcAddress
lstrlenA
ExitProcess
GetModuleHandleA

user32

GetDesktopWindow
ShowWindow

comctl32

InitCommonControlsEx
InitCommonControls

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Wannashiturself.exe
.exe windows:4 windows x86 arch:x86

680b918b0218082993965c6408cb9cc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
ResetEvent
VirtualAlloc
GetProcAddress
VirtualFree
OpenEventA
GetModuleHandleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
GetLastError
ReadFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
CloseHandle

user32

LoadBitmapA

winmm

mixerClose
mixerOpen

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
big FAT tits RANSOMWARE.exe
.exe windows:5 windows x86 arch:x86

bea6254f69b3ab3d3b936fbb8be715fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xutexun8\padabilev-nupikewus\baxoninor.pdb

Imports

kernel32

SetEnvironmentVariableW
GetFirmwareEnvironmentVariableA
FindResourceExW
EndUpdateResourceW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesA
WritePrivateProfileStructA
GetCurrentDirectoryW
CreateDirectoryExA
DefineDosDeviceA
GetFileAttributesExA
DeleteFileW
CopyFileW
IsBadStringPtrA
GetDefaultCommConfigA
GetDefaultCommConfigW
GetModuleFileNameW
SetInformationJobObject
AddVectoredExceptionHandler
AddRefActCtx
GetCalendarInfoA
SetCalendarInfoW
EnumDateFormatsA
GetSystemDefaultLCID
ReadConsoleInputA
AllocConsole
WriteConsoleW
SetFilePointerEx
HeapSize
DecodePointer
GetConsoleMode
GetConsoleCP
LoadLibraryW
LoadLibraryA
OpenSemaphoreA
lstrlenA
lstrcmpA
GetMailslotInfo
PeekNamedPipe
GetSystemTimes
GetFileTime
RequestDeviceWakeup
LockFile
FreeEnvironmentStringsW
TerminateProcess
HeapWalk
HeapAlloc
VirtualQuery
VirtualProtect
LocalAlloc
GlobalUnlock
OpenJobObjectW
InterlockedExchange
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapReAlloc
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetProcessHeap
CloseHandle
SetStdHandle
GetStringTypeW
FlushFileBuffers
CreateFileW

user32

SystemParametersInfoW
CreateIconFromResource
GetDlgItemInt
GetDoubleClickTime
GetMonitorInfoW

advapi32

RegSetValueW
RegQueryValueExW
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
GetFileSecurityW
SetFileSecurityW
GetPrivateObjectSecurity
SetSecurityDescriptorControl
GetSecurityDescriptorLength
AddAccessDeniedAceEx
DeleteAce
AreAnyAccessesGranted
ObjectPrivilegeAuditAlarmW
RegisterEventSourceA
GetNumberOfEventLogRecords
ClearEventLogA
RegisterServiceCtrlHandlerW

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 33.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
big fat sexy dildo poop ransomware.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 211KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 7KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bitch man ransomware.exe
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-02-2008 00:00

Not After

13-03-2009 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:0d:9b:0f:80:2e:2b:e3:f0:83:3c:c8:e3:3c:99:50:d2:7e:51:92
Signer

Actual PE Digest

cf:0d:9b:0f:80:2e:2b:e3:f0:83:3c:c8:e3:3c:99:50:d2:7e:51:92

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bro what the fuckkk ur seriously beliving that.exe
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 388KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cocksucker ransomware [COOL].exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 370KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fart poopy ransowmare.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fart weewee ransomware.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
farting poop sex ransomware.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
farty poo poo ransomware.exe
.exe windows:5 windows x86 arch:x86

9f5d35278f74bba6e90ef5e70bf46540

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetCurrentActCtx
GetModuleHandleW
GetTickCount
GetConsoleTitleA
GetCurrencyFormatA
WaitNamedPipeW
WriteFile
FindActCtxSectionStringA
GetConsoleCP
SetFileShortNameW
GetFileAttributesW
VerifyVersionInfoA
WriteConsoleW
CommConfigDialogA
GetHandleInformation
GetProcAddress
GetTapeStatus
FoldStringA
GetOEMCP
GetModuleHandleA
CreateMutexA
GetStringTypeW
GetWindowsDirectoryW
GetPrivateProfileSectionW
lstrcpyW
LCMapStringW
DeleteFileA
AllocConsole
lstrlenA
GetACP
SetDefaultCommConfigA
GetLastError
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapCreate
CloseHandle
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleMode
GetCPInfo
IsValidCodePage
Sleep
MultiByteToWideChar
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
CreateFileW

advapi32

MapGenericMask

msimg32

TransparentBlt

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 74.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.meze
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hozah
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gixulu
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fuck you.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 362KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
large penis ransomware 2024.exe
.exe windows:5 windows x86 arch:x86

c478831dfed51d83414652a1ea360362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

ConvertSecurityDescriptorToSecDes
ReallocADsMem
DllGetClassObject
PropVariantToAdsType2
PropVariantToAdsType
DllCanUnloadNow
AdsFreeAdsValues
ADsEnumerateNext
SecurityDescriptorToBinarySD
ADsBuildEnumerator
ADsGetObject
AdsTypeToPropVariant2
ConvertSecDescriptorToVariant
AllocADsMem
AllocADsStr
AdsTypeToPropVariant
FreeADsStr
ADsOpenObject
BinarySDToSecurityDescriptor
ADsSetLastError
FreeADsMem
ADsEncodeBinaryData

kernel32

EnumSystemLocalesA
_lopen
FindAtomA
WaitCommEvent
GetLogicalDriveStringsW
SetCommConfig
LoadLibraryA
WriteProfileStringA
GetLongPathNameW
SetConsoleTextAttribute
ReadConsoleInputW
DisconnectNamedPipe
GetPrivateProfileIntA
ExpungeConsoleCommandHistoryW
IsBadReadPtr
EnumCalendarInfoA
GlobalCompact
LockFileEx
GlobalFindAtomW
GetPrivateProfileStructA
GlobalFlags
GlobalSize
VirtualAlloc
GetModuleHandleW
EnumCalendarInfoExW
GetExitCodeProcess
PeekConsoleInputA
RemoveDirectoryW
GetCommandLineA
GetThreadLocale
GetStartupInfoA
GetNextVDMCommand
GetEnvironmentStringsW
TransactNamedPipe
HeapCreate
lstrcatW
ReplaceFile
HeapQueryInformation
SetConsoleTitleW
OpenFile
GetEnvironmentVariableA
GetVDMCurrentDirectories
GetFileSizeEx
SetFilePointerEx
RegisterWowBaseHandlers
GetExitCodeThread
GetProcAddress
InterlockedExchange
GetProfileStringW
SetCalendarInfoA
SetFileValidData
DeleteFileA
QueryInformationJobObject

ntdll

RtlNtStatusToDosErrorNoTeb
RtlEqualUnicodeString
ZwSetInformationThread
strtol
NtSetVolumeInformationFile
LdrFindResourceEx_U
_ltow
RtlLengthSecurityDescriptor
NtOpenEvent
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlAddActionToRXact
LdrProcessRelocationBlock
RtlAnsiStringToUnicodeString
RtlRegisterSecureMemoryCacheCallback
RtlResetRtlTranslations
LdrLockLoaderLock
NtQueryEaFile
RtlImageRvaToSection
ZwCreateEventPair
_strupr
NtSetValueKey
NtLoadKey
iswdigit
RtlNewSecurityObjectEx
ZwPrivilegeObjectAuditAlarm
NtStartProfile
RtlGetLastNtStatus
RtlNumberGenericTableElementsAvl
NtSaveKey
RtlValidateProcessHeaps

crtdll

_cprintf
_ismbcspace
_chdir
wcsspn
_seterrormode
abort
_findclose
fwprintf
_amsg_exit
longjmp
strrchr
_ultoa
_wcslwr
_strlwr
_beginthread
_open_osfhandle
_lrotr
strcoll
__pxcptinfoptrs
_ismbbkpunct
_putenv
_j0
fputc

msvcp60

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?precision@ios_base@std@@QBEHXZ
?close@?$messages@G@std@@QBEXH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?falsename@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?quiet_NaN@?$numeric_limits@C@std@@SACXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?imag@std@@YAMABV?$complex@M@1@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??Dstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAGG@Z
??_7time_base@std@@6B@
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?_Init@?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
?do_close@?$messages@D@std@@MBEXH@Z
??4?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXXZ

winscard

SCardIntroduceCardTypeW
SCardConnectW
SCardGetProviderIdA
SCardState
SCardForgetReaderA
SCardStatusA
g_rgSCardRawPci
SCardBeginTransaction
SCardGetCardTypeProviderNameA
SCardEstablishContext
g_rgSCardT1Pci
SCardFreeMemory
SCardListInterfacesA
SCardSetCardTypeProviderNameW
SCardListInterfacesW
SCardConnectA
SCardAddReaderToGroupW
SCardEndTransaction
SCardIntroduceReaderGroupW
SCardRemoveReaderFromGroupW
SCardListReaderGroupsW
SCardLocateCardsByATRA
SCardLocateCardsByATRW
SCardForgetReaderGroupA
SCardIntroduceCardTypeA
SCardLocateCardsW
SCardReleaseStartedEvent
SCardAccessNewReaderEvent

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
niggaware ransomware in 2029.exe
.exe windows:4 windows x86 arch:x86

a67a668e941ead82c9c282f92ca6f45c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetProcAddress
SetEvent
CloseHandle
OpenEventA
VirtualAlloc
Sleep
GetModuleHandleA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
HeapReAlloc
GetCPInfo
GetStringTypeW

user32

LoadStringA
LoadIconA
ShowWindow

winmm

mixerClose
mixerGetID

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pee poo piss piss ransomware rare.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
retard ransomware.exe
.exe windows:4 windows x86 arch:x86

71efab0179518ac02b0b90889b9dab6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CloseHandle

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e09e73c4fea567b11f4f4705fae5bc58

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 340B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

a4f4c45e15e0c469158548704bbc0adf

Headers

File Characteristics

Imports

advapi32

kernel32

user32

comctl32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 544B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

680b918b0218082993965c6408cb9cc6

Headers

File Characteristics

Imports

kernel32

user32

winmm

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 104KB - Virtual size: 470KB

.rsrc Size: 8KB - Virtual size: 4KB

bea6254f69b3ab3d3b936fbb8be715fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 1.5MB - Virtual size: 33.7MB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 284B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 211KB - Virtual size: 500KB

DATA Size: 7KB - Virtual size: 36KB

BSS Size: - Virtual size: 80KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 28KB

.rsrc Size: 9KB - Virtual size: 28KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 340B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 544B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 104KB - Virtual size: 470KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 1.5MB - Virtual size: 33.7MB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 284B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB

CODE
Size: 211KB - Virtual size: 500KB

DATA
Size: 7KB - Virtual size: 36KB

BSS
Size: - Virtual size: 80KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 28KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

cf:0d:9b:0f:80:2e:2b:e3:f0:83:3c:c8:e3:3c:99:50:d2:7e:51:92
Signer

.data
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 18KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 388KB

UPX1
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 437KB - Virtual size: 436KB

.reloc
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 436KB

UPX1
Size: 370KB - Virtual size: 372KB

.rsrc
Size: 6KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 57KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 104KB - Virtual size: 103KB

DATA
Size: 2KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 130KB - Virtual size: 130KB