001[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

001.rar
Size

2.8MB
MD5

494b1f3661964eb30145a7617315dbdb
SHA1

48078350d06abe5dfeaad51e4ad6b44768df905d
SHA256

9e4a9e8f9c29c2307701b66b27404fdfed5770bbcba40c05edf046e5a3285975
SHA512

5e111eb302950623e595b2c3e66c472d4b74e2441e28f48127ba1e603f3f5365ba0b68062d82049bd7111b62ea74db6972d34f55fbe50de2d4e22a5ac2344a22
SSDEEP

49152:nw+6eMSIzGKwOpkdWZdQvYVpy6skn+/icU/6Sjd/9DhM1WN:yfSIzfpkdWZdh7dsk+KcYBpl1sWN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/11a80b997519711f00a741dcf64788fb99554061a4798509ca55ea4e11957eb1.exe	upx
static1/unpack001/1c53d9fda466a35e127ea0f774d776595ac99f837e0b9fd79ef288859e0a82dc.exe	upx
static1/unpack001/41ad73fa68a66ac06fe2d12e35dc537a8f5c8ec534a0a82d13f2769f6bb43bf5.exe	upx
static1/unpack001/a7b82203fa6a1831100fd414a5ef599edfbc72e63e34fc9847dd4e96c0bac64f.exe	upx

Unsigned PE 34 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0ddef96bc1cd9fae381e6f228639c145341e10197cc690a70dc0c8acb46d4c2c.exe
unpack001/11a80b997519711f00a741dcf64788fb99554061a4798509ca55ea4e11957eb1.exe
unpack002/out.upx
unpack001/13507f1f60e81e3fcfc2244f5b9e4f5d9d04c6f0beaa34429879afdb24720c07.exe
unpack001/1c53d9fda466a35e127ea0f774d776595ac99f837e0b9fd79ef288859e0a82dc.exe
unpack003/out.upx
unpack001/3ae9ec7dc2a13da4eb7ca8467ac659f75bf4dbef45fc13ff63011685c335bde0.exe
unpack001/41ad73fa68a66ac06fe2d12e35dc537a8f5c8ec534a0a82d13f2769f6bb43bf5.exe
unpack004/out.upx
unpack001/42748e1504f668977c0a0b6ac285b9f2935334c0400d0a1df91673c8e3761312.exe
unpack001/46d2ba1c63ad30cc0f8952ad248ad7f53382ad7e61df145b7c422c3ac1d111b4.exe
unpack001/49bac3903d2a9fd2ce742c35f8d9804061616874cf9e1a94dfd5007e25a3ca3e.exe
unpack001/4ffbdd03f2424c3013aac4b0cb5eb49a991f89a2533a24f56f47c1a82819c575.exe
unpack001/55aa55229ea26121048b8c5f63a8b6921f134d425fba1eabd754281ca6466b70.exe
unpack001/63feec522666cd97ec0a253cc17cf629a7bdb096c04f0b2de4c1bf959d67a77d.exe
unpack001/729f51d9a39f87c71d4f3fdc6ff811f953c9de16d769cb2b290128fe9d4e7532.exe
unpack001/72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
unpack001/74ec6fffadcf1771b04dc4fce45f21438e246ac62c1a26d566be68591f6bfd7a.exe
unpack001/7cf39ebb4409b13a7c153abff6661cc4d28d8d7109543d6419438ac9f2f1be57.exe
unpack001/85110c71485fa6b2e79ff0bf5562ab8367e7ca0f31ee27d96ccc9171bd94c7d3.exe
unpack001/8d2b0cf8ad5948bd2267aca64600d7e9d45b4dc8ad6a300d5d3c029bd003220d.exe
unpack001/9001d3e08e34598061281c2187b4deeee8022081f4706e9b7b89d52244ccf426.exe
unpack001/92aa0505ed000f9c5e54313506e3ebd0f1ae37628003a1275e302f6769bdf5f0.exe
unpack001/9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
unpack001/9e288f3839546e5c382c6b3ccc1516a6bf797ad188107534a18eb6e4203117c7.exe
unpack001/9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021.exe
unpack001/9f01f1a042c48b0e51f5e6029a661f5f08aad6ca0912a1b444afac6f2d4f2ad2.exe
unpack001/a7b82203fa6a1831100fd414a5ef599edfbc72e63e34fc9847dd4e96c0bac64f.exe
unpack005/out.upx
unpack001/b5a2fe5b87deed18b789929faaa7601771de63dfe6a670d09224aa57ebe8c6b9.exe
unpack001/cf0fe3723a41d7105f5b6d8a1be3ef6d43135c96714ffcb2c19d8a9ad9021c36.exe
unpack001/cf31156df08d27e16fb25b16c42176b04fa7d968e18c58e9017c7d85ffce4435.exe
unpack001/f95b6a45f1ae3b4ddf74fcc2f193a0a25df6f272b722e5c29edc838a99180061.exe
unpack001/fd49914f47d9ed24fe475c263a32b34d9ed9e472379ede30530a4a3c64510d24.exe

Files

001.rar
.rar
0ddef96bc1cd9fae381e6f228639c145341e10197cc690a70dc0c8acb46d4c2c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Infected\Desktop\update\Chrome\obj\x86\Debug\Chrome.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
11a80b997519711f00a741dcf64788fb99554061a4798509ca55ea4e11957eb1.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
13507f1f60e81e3fcfc2244f5b9e4f5d9d04c6f0beaa34429879afdb24720c07.exe
.exe windows:4 windows x86 arch:x86

0a346ef99c12dd28c73a2f45366a0bce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitThread
GetACP
GetModuleHandleA
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect

ole32

OleInitialize
OleUninitialize

comctl32

InitCommonControls

shlwapi

UrlIsNoHistoryW

version

GetFileVersionInfoSizeA

oleaut32

OleLoadPicture

oleacc

AccessibleChildren

comdlg32

WantArrows

oledlg

OleUIPromptUserA

user32

GetClipboardViewer

winmm

auxGetDevCapsW

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1c53d9fda466a35e127ea0f774d776595ac99f837e0b9fd79ef288859e0a82dc.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3ae9ec7dc2a13da4eb7ca8467ac659f75bf4dbef45fc13ff63011685c335bde0.exe
.exe windows:6 windows x64 arch:x64

f17493a532ed6da1a4dc66a8e599527c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

SHDeleteKeyW
SHDeleteValueW
PathFileExistsW

kernel32

GetCurrentProcess
TerminateProcess
GetProcessId
FindClose
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
FindNextFileW
Process32FirstW
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlCaptureContext
UnhandledExceptionFilter
GetCurrentThreadId
QueryPerformanceCounter
FindFirstFileW
GetLogicalDrives
InitializeSListHead
RtlVirtualUnwind
RtlLookupFunctionEntry
DeleteFileW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW

user32

wsprintfA

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
GetUserNameW

shell32

SHFileOperationW

msvcp140

?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z

rpcrt4

UuidToStringW
UuidCreate

vcruntime140

memcpy
memset
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vfprintf
__p__commode
__stdio_common_vfwprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
exit
_exit
_crt_atexit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
system
terminate
_cexit
_invalid_parameter_noinfo_noreturn
_initterm_e

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
41ad73fa68a66ac06fe2d12e35dc537a8f5c8ec534a0a82d13f2769f6bb43bf5.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
42748e1504f668977c0a0b6ac285b9f2935334c0400d0a1df91673c8e3761312.exe
.exe windows:6 windows x86 arch:x86

6bbfb65cd9b162ad1c0e8044e810b4e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Artur\Desktop\csharp - js\косте пизда\Release\Thanatos.pdb

Imports

kernel32

lstrcmpA
lstrcatA
CopyFileA
lstrcpyA
SetFileAttributesA
GetCurrentProcessId
FindClose
OpenProcess
K32GetModuleFileNameExA
K32GetModuleBaseNameA
WideCharToMultiByte
K32EnumProcessModules
GetTickCount
FindNextFileA
FindFirstFileA
GetModuleFileNameA
MultiByteToWideChar
GetProcessHeap
GetFileSize
HeapAlloc
CloseHandle
DeleteFileA
CreateFileA
WriteFile
HeapFree
CreateDirectoryA
ReadFile
HeapSize
ReadConsoleW
WriteConsoleW
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetEndOfFile

advapi32

RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
CryptDestroyKey
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegCloseKey

shell32

ShellExecuteA

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpReadData

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
46d2ba1c63ad30cc0f8952ad248ad7f53382ad7e61df145b7c422c3ac1d111b4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\dell\Documents\Visual Studio 2017\Projects\FileEncrypter\FileEncrypter\obj\Release\FileEncrypter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
49bac3903d2a9fd2ce742c35f8d9804061616874cf9e1a94dfd5007e25a3ca3e.exe
.exe windows:4 windows x86 arch:x86

e8f4e67d219f03f44f78bd8ce61ca0e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
GetLocalTime
GetLastError
DeleteFileA
SetFileAttributesA
GetDriveTypeA
GetFullPathNameA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
GetFileAttributesA
FindNextFileA
GetVersion
ReadProcessMemory
CreateFileA
GetCurrentProcess
RtlUnwind
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapFree
HeapAlloc
GetCommandLineA
GetExitCodeProcess
GetModuleFileNameA
TerminateProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ReadFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEndOfFile
OpenProcess
ExitProcess
RaiseException
HeapReAlloc

user32

MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4ffbdd03f2424c3013aac4b0cb5eb49a991f89a2533a24f56f47c1a82819c575.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
55aa55229ea26121048b8c5f63a8b6921f134d425fba1eabd754281ca6466b70.exe
.exe windows:5 windows x86 arch:x86

4a93e91fba899188ad689394ba3d1f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\Thanatos\Release\Thanatos.pdb

Imports

kernel32

FindNextFileA
GetCurrentProcessId
lstrcpyA
GetTickCount
OpenProcess
GetModuleFileNameA
SetEndOfFile
CreateFileW
FindClose
SetFileAttributesA
CopyFileA
GetProcAddress
FindFirstFileA
CreateDirectoryA
lstrcmpA
lstrcatA
GetLastError
MultiByteToWideChar
DeleteFileA
CloseHandle
ReadFile
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
CreateFileA
WideCharToMultiByte
GetCurrentProcess
ExitProcess
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSection
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
HeapReAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetModuleHandleW
DecodePointer
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
RaiseException
HeapCreate
SetHandleCount
GetFileType
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize

advapi32

GetUserNameA
RegOpenKeyExA
RegSetValueExA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptDeriveKey
RegCloseKey

shell32

ShellExecuteA

psapi

GetModuleFileNameExA
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
63feec522666cd97ec0a253cc17cf629a7bdb096c04f0b2de4c1bf959d67a77d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.newIT
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 64KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 256B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 256B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
729f51d9a39f87c71d4f3fdc6ff811f953c9de16d769cb2b290128fe9d4e7532.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
.exe windows:5 windows x86 arch:x86

48dbac54777b31f54f4721a7bc1024e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LocalAlloc
GetProcAddress
ExitProcess
GetSystemTimes
GlobalMemoryStatus
GetMailslotInfo
lstrlenA
LoadLibraryW
AddAtomA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

gdi32

GetMapMode
GetGraphicsMode

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
74ec6fffadcf1771b04dc4fce45f21438e246ac62c1a26d566be68591f6bfd7a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7cf39ebb4409b13a7c153abff6661cc4d28d8d7109543d6419438ac9f2f1be57.exe
.exe windows:6 windows x86 arch:x86

930571369af7699560f7ecefa80e314a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lwz\ImmGetCmpsitinStri.pdb

Imports

kernel32

ReadConsoleW
GetConsoleMode
ReadFile
GetProcessHeap
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetFileType
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
Sleep
GetStdHandle
SetLastError
VirtualQuery
LoadLibraryExW
FreeLibrary
GetLogicalDrives
GetLogicalDriveStringsA
FlushFileBuffers
GetCurrentThread
SetThreadPriority
GetDriveTypeA
GetLocalTime
GetUserDefaultLangID
GetLocaleInfoW
CreateFileMappingA
MapViewOfFile
CloseHandle
GetTempPathA
GetCurrentDirectoryA
lstrlenA
lstrcpyA
lstrcpynA
GetLastError
lstrcatA
LoadLibraryExA
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
GetEnvironmentVariableA
GetModuleHandleExA
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
GetThreadLocale
GetConsoleCP
HeapSize
HeapReAlloc
HeapAlloc
GetComputerNameA
SetFilePointerEx
GetPrivateProfileIntA
WriteConsoleW
EncodePointer
LoadLibraryW
GetConsoleWindow
LoadLibraryA
CreateEventA
WaitForSingleObject
WriteFile
CreateFileW

user32

GetWindowTextLengthA
GetSysColorBrush
wsprintfA
SetWindowTextA
CharLowerA
SetWindowWord
OffsetRect
TrackPopupMenuEx
GetCursorPos
MapWindowPoints
RegisterClassA
LoadCursorA
LoadIconA
SetWindowLongA
GetWindowLongA
keybd_event
GetKeyboardLayout
GetActiveWindow
LoadImageA
ShowWindow
CreateWindowExW
CreateWindowExA
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
CheckMenuItem
EnableMenuItem
SendMessageA
EndDialog
KillTimer
SetTimer
GetWindowRect
CopyRect
RegisterHotKey
GetSystemMetrics
GetPropW
SendMessageW
SendDlgItemMessageW
EnableWindow
DefWindowProcA
PostQuitMessage
BeginPaint
EndPaint
LoadBitmapA
GetClientRect
DrawTextW
InvalidateRect
CreateIconIndirect
GetIconInfo
GetDlgItem
WindowFromPoint
GetDlgCtrlID
GetWindowContextHelpId

gdi32

GetStockObject
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
CreateBitmap
GetTextExtentPoint32A
Rectangle
Ellipse
SetTextColor
CreateFontW
StartDocA
StartPage
EndPage
EndDoc

advapi32

LsaClose
ImpersonateLoggedOnUser

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateGuid
StringFromCLSID
StringFromGUID2
CreateStreamOnHGlobal
CoUnmarshalInterface

oleaut32

VarDiv
VarTokenizeFormatString
VarAdd
VariantChangeTypeEx
LoadRegTypeLi
VarAnd
SafeArrayPtrOfIndex

odbc32

ord14
ord11
ord2
ord1
ord3
ord7
ord15

wininet

InternetCanonicalizeUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA
FtpSetCurrentDirectoryA

netapi32

NetLocalGroupAddMember
NetUserAdd

mpr

WNetGetConnectionA

avifil32

AVIFileRelease

winmm

mmioAscend

shlwapi

StrCmpNIA
StrToIntExA

comctl32

ord410
ord17
ImageList_Add
ImageList_Create

pdh

PdhBrowseCountersA

gdiplus

GdipGetImageRawFormat
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneImage
GdipDisposeImage

secur32

AcceptSecurityContext
CompleteAuthToken

opengl32

glVertex2d
glVertex2i
glFlush
glEnd
glBegin
glClear
glColor3f
glClearColor
glLightfv
glShadeModel
glEnable
glLoadIdentity
glMatrixMode
glViewport
glMaterialfv
glDepthFunc
glCullFace
glClearDepth

glu32

gluPerspective

imm32

ImmGetDefaultIMEWnd
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetContext

uxtheme

SetThemeAppProperties

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mini
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.profile
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sys
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
85110c71485fa6b2e79ff0bf5562ab8367e7ca0f31ee27d96ccc9171bd94c7d3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8d2b0cf8ad5948bd2267aca64600d7e9d45b4dc8ad6a300d5d3c029bd003220d.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9001d3e08e34598061281c2187b4deeee8022081f4706e9b7b89d52244ccf426.exe
.exe windows:6 windows x86 arch:x86

07a613d6eb74194dbbb5d6a9b5093126

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetCurrentProcessId
CloseHandle
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
VirtualQueryEx
GetSystemInfo
CreateFileW
ReadConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryExW
OutputDebugStringW
VirtualQuery
GetCurrentThreadId
IsDebuggerPresent
GetProcessHeap
HeapSize
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineW
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
HeapReAlloc
HeapFree
RtlUnwind
RaiseException
HeapAlloc
GetStringTypeW
MultiByteToWideChar
DecodePointer
CreateToolhelp32Snapshot
SetConsoleCtrlHandler
CancelIo
DeleteFileA
UpdateResourceA
EnumResourceTypesA
FindResourceExA
FreeResource
GetModuleHandleA
OpenEventA
CreateEventA
lstrlenA
FormatMessageA
WaitCommEvent
ReadFile
WriteFile
SizeofResource
LoadResource
WaitForSingleObject
GetOverlappedResult
GetLastError
GetCurrentThread
GetCurrentProcess
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
VirtualAlloc
LockResource

user32

RegisterWindowMessageA
DefWindowProcA
CallWindowProcA
RegisterClassExA
RegisterClassExW
CreateWindowExA
SendMessageA
GetWindowLongA
LoadIconW
GetWindowLongW
GetWindowTextW
SetWindowTextW
SetWindowTextA
GetDialogBaseUnits
ShowWindow
SendMessageW
MonitorFromWindow
LoadStringA
LoadImageA
LoadIconA
LoadCursorA
CreateWindowExW
SetClassLongA
GetClassLongA
SetWindowLongA
LoadBitmapA
OffsetRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
GetCursorPos
MessageBoxW
AdjustWindowRect
GetWindowRect
GetClientRect
GetWindowTextLengthA
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DeleteMenu
AppendMenuA
CreateMenu
GetSystemMenu
GetMenuStringA
GetSystemMetrics
IsWindowEnabled
GetFocus
SendDlgItemMessageA
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamA

gdi32

ExtTextOutA
SetTextColor
SetStretchBltMode
SetBkColor
SelectObject
SaveDC
GetTextExtentPoint32A
GetStockObject
ExcludeClipRect
Ellipse
DeleteObject
CreateSolidBrush
CreateRectRgnIndirect
CreateEllipticRgn
CombineRgn
RestoreDC

advapi32

AdjustTokenPrivileges
OpenThreadToken
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
AllocateAndInitializeSid

shell32

ShellExecuteA

ws2_32

WSAEventSelect

netapi32

NetApiBufferFree
NetUserGetInfo

psapi

GetMappedFileNameW

msi

ord248
ord241
ord243

msimg32

GradientFill

crypt32

CertGetNameStringA
CryptEncodeObjectEx

shlwapi

PathRemoveExtensionA

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

uxtheme

GetThemeInt
DrawThemeBackground

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
92aa0505ed000f9c5e54313506e3ebd0f1ae37628003a1275e302f6769bdf5f0.exe
.exe windows:5 windows x86 arch:x86

52cfa32aa0b16f232123e332adeed4b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetLocaleInfoA
GetModuleHandleW
GlobalAlloc
GetOverlappedResult
GetProcAddress
GetPrivateProfileStringA
GetOEMCP
GetModuleHandleA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
Sleep
ExitProcess
GetStartupInfoW
GetLastError
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapFree
CloseHandle
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize

user32

CopyAcceleratorTableA
GetAsyncKeyState
EmptyClipboard
GetMenuInfo
DispatchMessageW
RealChildWindowFromPoint

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
.exe windows:4 windows x86 arch:x86

ad7f0cccd86c2a80587f856e17972b29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaLineInputVar
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaFileCloseAll
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
ord631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
__vbaObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord717
__vbaGetOwner3
__vbaVarCat
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
ord579
__vbaLateMemCall
__vbaOnGoCheck
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaR8IntI4
__vbaStrVarCopy
_allmul
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9e288f3839546e5c382c6b3ccc1516a6bf797ad188107534a18eb6e4203117c7.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9e87f069de22ceac029a4ac56e6305d2df54227e6b0f0b3ecad52a01fbade021.exe
.exe windows:6 windows x86 arch:x86

fc7c70bdf521087654ea0c66669225c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
HeapSize
DeleteFileA
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetComputerNameA
CreateProcessA
IsDebuggerPresent
CheckRemoteDebuggerPresent
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetLogicalDriveStringsA
SetFileAttributesA
MoveFileExA
lstrlenA
GetDriveTypeA
MoveFileA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
GetLastError
MultiByteToWideChar
WriteFile
lstrlenW
ReadFile
LocalFree
CloseHandle
GetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
GetModuleHandleA
LocalAlloc
GetProcessHeap
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
RtlUnwind
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetACP
SetStdHandle
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
SetEndOfFile

user32

SystemParametersInfoA

advapi32

CryptDestroyKey
RegQueryValueExA
RegCloseKey
CryptReleaseContext
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCreateKeyExA
OpenProcessToken
SetSecurityInfo
GetTokenInformation
CryptGenRandom
RegOpenKeyExA
CryptAcquireContextA
CryptAcquireContextW
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

crypt32

CryptStringToBinaryA
CryptImportPublicKeyInfo
CryptDecodeObjectEx

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9f01f1a042c48b0e51f5e6029a661f5f08aad6ca0912a1b444afac6f2d4f2ad2.exe
.exe windows:5 windows x86 arch:x86

8ed885a3dd76eb29a82bb4853dc96cca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
CreateProcessW
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
SetThreadExecutionState
MulDiv
ExitThread
SetThreadPriority
InterlockedExchange
InterlockedExchangeAdd
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
SetLastError
SystemTimeToFileTime
GetSystemTime
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FreeLibrary
GetLogicalDrives
LoadLibraryW
GetCommandLineW
GetFileSize
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
IsBadReadPtr
GetGeoInfoW
GetUserGeoID
GetVersionExW
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
DuplicateHandle
QueryDosDeviceW
ResetEvent
TerminateThread
OpenProcess
GetLogicalDriveStringsW
GetCurrentProcess
FindNextFileW
lstrcmpiW
RemoveDirectoryW
GetTempPathW
GetCurrentThread
FindFirstFileW
GetFileInformationByHandle
DeleteFileW
WaitForMultipleObjects
CreateFileMappingW
FindClose
MoveFileW
VirtualAlloc
GetFileSizeEx
GetOverlappedResult
VirtualFree
FlushViewOfFile
SetFilePointerEx
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetLastError
GetFileAttributesW
WriteFile
SetEvent
CreateDirectoryW
Sleep
GetVolumeInformationW
SetFileAttributesW
LocalFree
GetCurrentProcessId
ReadFile
GetModuleFileNameW
CreateFileW
GetProcAddress
CreateEventW
GetSystemInfo
GetUserDefaultUILanguage
CloseHandle
GetWindowsDirectoryW
ExitProcess

user32

CharToOemW
SystemParametersInfoW
SetRect
GetDC
DrawTextW
CharUpperW
GetSystemMetrics
ReleaseDC

advapi32

CryptSetKeyParam
GetLengthSid
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
OpenThreadToken
MapGenericMask
AccessCheck
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
FreeSid
RevertToSelf
SetEntriesInAclW
AllocateAndInitializeSid
ImpersonateSelf
SetNamedSecurityInfoW
GetFileSecurityW
IsWellKnownSid

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathUnquoteSpacesW
PathRemoveBackslashW
PathStripToRootW
PathAddExtensionW
PathAddBackslashW
wvnsprintfA
wvnsprintfW
SHDeleteValueW
PathFileExistsW
StrCmpNIW
PathAppendW
PathStripPathW

ole32

StringFromGUID2
CLSIDFromString

shell32

SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

crypt32

CryptDecodeObjectEx
CryptStringToBinaryW
CryptBinaryToStringW
CryptEncodeObject
CryptExportPublicKeyInfo

wininet

InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA

psapi

GetMappedFileNameW

mpr

WNetCloseEnum
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetGetConnectionW

netapi32

NetShareEnum
NetApiBufferFree

gdi32

GetDIBits
CreateFontW
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
DeleteDC
SetTextColor
BitBlt
CreateCompatibleDC

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.afc
Size: 3KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guh
Size: 17KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a7b82203fa6a1831100fd414a5ef599edfbc72e63e34fc9847dd4e96c0bac64f.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b5a2fe5b87deed18b789929faaa7601771de63dfe6a670d09224aa57ebe8c6b9.exe
.exe windows:5 windows x86 arch:x86

ee7eabfb216812054a15738aa6448fc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
SetComputerNameExA
GetCPInfo
GetModuleHandleW
GetACP
lstrcmpW
GetProcAddress
GetPrivateProfileStringA
UnhandledExceptionFilter
LocalAlloc
GetModuleHandleA
DeleteFileW
LCMapStringW
HeapAlloc
GetCommandLineA
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlUnwind
LoadLibraryA
GetOEMCP
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

GetMenuInfo
CharToOemBuffW
EnumDisplaySettingsA

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cf0fe3723a41d7105f5b6d8a1be3ef6d43135c96714ffcb2c19d8a9ad9021c36.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cf31156df08d27e16fb25b16c42176b04fa7d968e18c58e9017c7d85ffce4435.exe
.exe windows:5 windows x86 arch:x86

7820410a776571d1b18ff13f1c700b38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
GetModuleHandleA
GetEnvironmentVariableW
CreateProcessW
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
SetThreadExecutionState
MulDiv
ExitThread
InterlockedExchange
InterlockedExchangeAdd
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
SetLastError
SystemTimeToFileTime
GetSystemTime
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FreeLibrary
GetLogicalDrives
LoadLibraryW
GetCommandLineW
GetFileSize
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
IsBadReadPtr
GetGeoInfoW
GetUserGeoID
GetVersionExW
HeapAlloc
HeapReAlloc
CreateThread
DuplicateHandle
DeleteCriticalSection
QueryDosDeviceW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
TerminateThread
OpenProcess
InitializeCriticalSection
GetLogicalDriveStringsW
GetCurrentProcess
FindNextFileW
lstrcmpiW
RemoveDirectoryW
GetTempPathW
GetCurrentThread
FindFirstFileW
GetFileInformationByHandle
DeleteFileW
WaitForMultipleObjects
CreateFileMappingW
FindClose
MoveFileW
VirtualAlloc
GetFileSizeEx
GetOverlappedResult
VirtualFree
FlushViewOfFile
SetFilePointerEx
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetLastError
GetFileAttributesW
WriteFile
SetEvent
CreateDirectoryW
Sleep
GetVolumeInformationW
SetFileAttributesW
LocalFree
GetCurrentProcessId
ReadFile
GetModuleFileNameW
CreateFileW
GetProcAddress
CreateEventW
GetSystemInfo
GetUserDefaultUILanguage
CloseHandle
GetWindowsDirectoryW
ExitProcess

user32

CharToOemW
SystemParametersInfoW
SetRect
GetDC
DrawTextW
CharUpperW
GetSystemMetrics
ReleaseDC

advapi32

CryptExportKey
GetLengthSid
CryptGetHashParam
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
OpenThreadToken
MapGenericMask
AccessCheck
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
FreeSid
RevertToSelf
SetEntriesInAclW
AllocateAndInitializeSid
ImpersonateSelf
SetNamedSecurityInfoW
GetFileSecurityW
IsWellKnownSid

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathUnquoteSpacesW
PathRemoveBackslashW
PathStripToRootW
PathAddExtensionW
PathAddBackslashW
wvnsprintfA
wvnsprintfW
SHDeleteValueW
PathFileExistsW
StrCmpNIW
PathAppendW
PathStripPathW

ole32

StringFromGUID2
CLSIDFromString

shell32

SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

crypt32

CryptDecodeObjectEx
CryptStringToBinaryW
CryptBinaryToStringW
CryptEncodeObject
CryptExportPublicKeyInfo

wininet

InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA

psapi

GetMappedFileNameW

mpr

WNetCloseEnum
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetGetConnectionW

netapi32

NetShareEnum
NetApiBufferFree

gdi32

GetDIBits
CreateFontW
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
DeleteDC
SetTextColor
BitBlt
CreateCompatibleDC

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wun
Size: 3KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sex
Size: 35KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f95b6a45f1ae3b4ddf74fcc2f193a0a25df6f272b722e5c29edc838a99180061.exe
.exe windows:6 windows x86 arch:x86

ffa552270d448f3f514cfd56fcf129a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateProcess
OpenProcess
GetModuleFileNameW
GlobalAlloc
GlobalFree
WinExec
lstrcpyW
lstrcatW
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLogicalDrives
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetEnvironmentVariableW
GetCommandLineW
FindNextFileW
SetLastError
QueryPerformanceFrequency
DecodePointer
EncodePointer
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
DuplicateHandle
LocaleNameToLCID
LCIDToLocaleName
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetShortPathNameW
FindFirstFileW
SetEvent
FindClose
RaiseException

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
CryptEncrypt
CryptAcquireContextW

shell32

CommandLineToArgvW
ShellExecuteW

msvcrt

wcsncmp
??1type_info@@UAE@XZ
_exit
__CxxFrameHandler3
?what@exception@@UBEPBDXZ
?terminate@@YAXXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
log
pow
_unlock
__dllonexit
_lock
_onexit
__getmainargs
_cexit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_controlfp
abort
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_except_handler4_common
_time64
??0exception@@QAE@XZ
ungetc
setvbuf
fwrite
fsetpos
fputc
fgetpos
fgetc
fflush
fclose
_snwprintf
malloc
free
strlen
wcslen
wcscmp
wcscat
wcsstr
memset
memmove
memcmp
memchr
_errno
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_CxxThrowException
_fseeki64
wcscpy_s
__uncaught_exception
calloc
__pctype_func
isupper
_wcsdup
___lc_codepage_func
__crtLCMapStringA
___lc_handle_func
islower
setlocale
_wfsopen
fseek
_beginthreadex
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
?name@type_info@@QBEPBDXZ
_aligned_free
_aligned_malloc
_iob

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd49914f47d9ed24fe475c263a32b34d9ed9e472379ede30530a4a3c64510d24.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 86KB - Virtual size: 85KB

.sdata Size: 512B - Virtual size: 117B

.rsrc Size: 190KB - Virtual size: 190KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 30KB - Virtual size: 32KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 49KB - Virtual size: 48KB

DATA Size: 1024B - Virtual size: 776B

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

0a346ef99c12dd28c73a2f45366a0bce

Headers

File Characteristics

Imports

kernel32

ole32

comctl32

shlwapi

version

oleaut32

oleacc

comdlg32

oledlg

user32

winmm

Sections

.text Size: 159KB - Virtual size: 158KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 88KB - Virtual size: 88KB

.rt Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 84KB

UPX1 Size: 40KB - Virtual size: 40KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 76KB - Virtual size: 76KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

f17493a532ed6da1a4dc66a8e599527c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

.text
Size: 86KB - Virtual size: 85KB

.sdata
Size: 512B - Virtual size: 117B

.rsrc
Size: 190KB - Virtual size: 190KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 49KB - Virtual size: 48KB

DATA
Size: 1024B - Virtual size: 776B

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 159KB - Virtual size: 158KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 88KB - Virtual size: 88KB

.rt
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 84KB

UPX1
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 76KB - Virtual size: 76KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 15KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 80B

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 39KB - Virtual size: 40KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 72KB - Virtual size: 71KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 512B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B