Downloads+12[.]6[.]24[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads+12.6.24.rar
Size

80.7MB
MD5

6581ff2dd9ee474331780c2112500d6a
SHA1

a164068608d9c2b32e07a0534617716c49629230
SHA256

66cf7d06e6cf6413d3e9e6a488f7528f5c6d06057abec20496f70d1691fbdfb2
SHA512

a9aa014dfaab0f60b69e6ec8b7d9a466d5f976543507727257cf3b09c4fc202e7ff9cba9cc46a284cb891cdb49d95a226f27d7f64cf5d4f84b9e1e9cce91968a
SSDEEP

1572864:qRZgqlQF1RtT241GjCmpieL4IK7iilrrtAycBAHyw+GCzYhXKs5l44jm4/usyXQ7:qQfT241GjCmp/GxRURqdKWmOHwq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Privacy Protector.exe	themida

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Blocker v2.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/CS2.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Loud Chair.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Perm Woofer.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Privacy Protector.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Silent Chair/Byr723V3Cq1.exe
unpack001/Downloads 12.6.24/Downloads 12.6.24/Downloads/Unlock All/nRi28Wtqb1.exe

Files

Downloads+12.6.24.rar
.rar
Downloads 12.6.24/Downloads 12.6.24/Downloads/Blocker v2.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 383KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 93KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Windows
Size: - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/CS2.exe
.exe windows:6 windows x64 arch:x64

43c468490c6400ee7bdc2746202b8558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BACKUP\Sources\trix\Console_systemlocker\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb

Imports

secureenginesdk64

ord151
ord551

version

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

kernel32

DeleteCriticalSection
GetModuleHandleW
ResumeThread
CreateProcessA
GetThreadContext
GetProcAddress
VirtualAlloc
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileW
DeviceIoControl
GetCurrentProcessId
GetVersionExA
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
WriteProcessMemory
VirtualAllocEx
GetTickCount64
GlobalMemoryStatusEx
Sleep
CloseHandle
GetTempPathA
GetStdHandle
HeapAlloc
GetLastError
DecodePointer
lstrlenA
SetConsoleTitleA
SetConsoleTextAttribute
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualFree
LoadLibraryA
SetThreadContext
IsProcessorFeaturePresent
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
LocalFree
FormatMessageA
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FreeLibrary
SetLastError
CreateFileA
GetFileSizeEx
OutputDebugStringW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
DeleteFileW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowA
CharUpperBuffW

advapi32

CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
StartServiceA
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
OpenEventLogA
CloseEventLog
ClearEventLogA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash

ntdll

NtRaiseHardError
RtlAdjustPrivilege
RtlVirtualUnwind
NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

ws2_32

closesocket
WSAGetLastError
htonl
send
recv
gethostname
ioctlsocket
listen
accept
sendto
connect
recvfrom
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
bind
socket
__WSAFDIsSet
select
WSASetLastError
ntohl

normaliz

IdnToAscii

wldap32

ord45
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CryptQueryObject
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA

Exports

Exports

�%6(��&�uy�f��?�C��3�`�ZW3x�{Y��;�_�}��X��N��e��ɳ&]��Sq'Lj��n0o�L��ã��Tc��c��{F�5 �h��B�X対C��aްRx�!F��*P�}E��h0)��\�.�]v�ī��m�I��r��E�`�GկQ�\��Ay�ӓ�/�G�{��e)b@�E��S��M��>9mg�*;��chkͰ6��?�[t�,F�jd��2�b#�bu`d��'�ۛ��u��c�/�v�0?�<9]#s!q�?�-C3��|"��|��srK�A]��J��v�q*~��x�wf��j�oB�:'�֎Q5�/z�T�3;#P��H�=� ��Zk��ϊ��}W.)�E�,'�!�3�=�:� qJۘu&~��z��zב'Ů�:�kP��%��#�̅��<㗇Ø,w�� U)��Y맹�n�u��t\,��=�9��ς��"��L/��U�Fc��7h��B ��Û�.��;ʩp�=D�QD�+G�J�g�m� �bכ��$��'x1ǰZ,� W>!"�B3v\u��m��hEdW��D�t�0�� y�-C<��<ȡ��H,5�A�y��ԵLA<��'�$W�=a�\f�wf�+i�m7��.7��P�Y�p��u*�X��4�(2P�<��t2Q��.UUq�׀��aO��0��z��=�zT�w2�3Y�$`S-�*Ud��}]]��_��Ќ��ŀ��H�SP�-(κ)[�� @��ح��8◈JS��m�lf��t%T��e�Q.�W�w�n�(�� .'uUE��]l �� ]^��2��QE��t'�:p�s�?u3��HS��OjP �P�Vc~i��[�B�J�FjN�#:J��͡�@�&�0�q�zm��H��L�82غȎP�|3H%�n��p��SԨ�|�0~-̵�N��V�t�^�7Z�bu��&x1�A��7nߣ@X��>ݛ��N*"��^R[�Qj��8�\8mK��e��5C��2R��HD��Nn�xbYW_tR��z_��a��O�x�D�o)a�K��~��Wp�� 7a�� # �N��"b��|2��_�$c>��Bn{Ϛ��h5��2H�w ��n�Fr`l�փp��hΗ�y��ִtuu q��}��?�(��0h-��۸�50��Z]u�F�(�� _�� XmtX��:�*U ��s��w��½p�53��%��5��>�R�-�f�އn��ώ��o�0��ݘ�*�2��i.hP\�rn��K��Ĩ�8%j��T��Y��5_7�7:�-�}1͚0\��6��\�a V��v�J͗��Q��3߮�I��Yr��=A4V�B��~h\��V/��b��̀��W?"2Ӻ��%O.4��,qu*r�yE]ٰ�P��_Ep��t[i��ܫ��E{��0XdU��Q�KK%%p�J ��)�i�6$� !e��RL��I�SA\;�(�t��i�E ˱�+��!��\�t�.�S�Ů5�F��a��g�j� X��I?�J��e0�Q��mi��vA�Yw��p�N��1��p T��r��H|{��Tdxi��:�~�D �~��~@$Z0��FS��䀚Q�-W�tΌ��5��F0|��Jg-�f%�Rt?��p��׷tH��׊�,�G�- @m�l��3O"5��t/l��-��:�5�l\��iC[)1d�g�Y>�� ǅ�'Z��㎤k�#6�\��vve��Y9�Y ��?�(� �zB~b+x�Qi�2��{�-&��#G��,��A��2�Ҋ^�]w�y�sIx��P� ȁ�DO��)�K:�LwӨ��j��o�'x��6ۼ5��ך�+��@_յ��+݅P��ξEYg]��*м':�L�A1�Ϫ�nb�dS �Q��*D�<��,�@G4��&�,�a�R�m"�V�8H�6��$k�ϓ��Lu��Ǵ��y/��I�0��B�>k�0�y�Wrg�X"ZR��u�-��O(jk@d�{e��'QE�K¸�A��h��Ҡ�ru�9�<�-FĻ΃�ݡ��V�#�xLbeM�]h��Q�@��*CC��t+��.��ͭn"��. J"P=�w�9�%��Q��lO��ԑ�~�F�B��gS��ve�rh�⸍�N $��R��^@Q} b�پ�Y��2Cs��џ�q$�nH�Z��e�]G��bl!Օp�˖�g��*>~�71�~/�ib�l��KVDY��Kk)��3c�i�TV�Gb��\�/�w��3��8*��[��YB��j<��T#b2�w��-��wq�| C��%H dQI^��+Q]��m�3�y��2Bֺ �c&do+ ?�mNW�A�� aE��`^G��c:�H�M�/��X��pS�A��_��h:;=�7�JnbB&�1Nx�6�6��UqNH슏�5�g��V3��| �*��ƿ�Ьx�E�r�T�U��f��W)gd�j�.�cv � ��p}�[�1g��}��8��ɤ$��E�:O�_Y-?��Y��n��:�d�TG6m��aEg�>V��O��~��b�K7��U��{��dϒ�$��h� V��o+�e��m��7��,�W�xK2+�åoIL#E�{#��e��z��,�d��*��f��û��E+��")Q2��I"L1��~7p!*xVj��~��i"tu��/�β$�2 ��D#��Oݬ�H�ɕ��Q�X�mZ̝^�x��A�}ut � .��C�um��*�= �{��'+� ��Z7n�6/'5 4�=|��=Qn��zob��Ϯ88�� Z.'7�

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rnP
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?dv
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S-X
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Loud Chair.exe
.exe windows:6 windows x64 arch:x64

511b52afdc22b2d90c4cfb3f02c744e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW

iphlpapi

GetIpForwardTable

gdiplus

GdipSaveImageToStream

kernel32

GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindow

gdi32

DeleteDC

advapi32

RegSetValueExW

shell32

SHGetFolderPathW

ole32

CLSIDFromString

ntdll

RtlLookupFunctionEntry

ws2_32

ntohl

dbghelp

SymSetOptions

crypt32

CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.(0l
Size: - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^M&
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wy1
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Perm Woofer.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 353KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16.6MB - Virtual size: 18.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

YES
Size: - Virtual size: 16.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 392B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Privacy Protector.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 128KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 64KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 64KB

IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Silent Chair/Byr723V3Cq1.exe
.exe windows:6 windows x64 arch:x64

51235326a5333254d9a2e7b5ce26509f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnmapViewOfFile
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
CharUpperBuffW

advapi32

CryptDestroyKey

shell32

ShellExecuteA

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ

wininet

InternetOpenUrlA

normaliz

IdnToAscii

wldap32

ord79

crypt32

CertFreeCertificateChain

ws2_32

WSAGetLastError

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-string-l1-1-0

strncmp

Exports

Exports

{�Yk�� _ZҼ��hbzw�{�j��R��v�u�u x� ��[�6'�ـMA��/:]�� A/��ߴg�С^LR]� �L8��5��@�'�� Fi�A��N��n�I�P�JP�2㙔䯙�� L��A̞ͧ7�ؘ��8@�)Hnt�?��'��$��4W�8J"�K��m�g�ضOO[ 녎�.y�qi��M��h��~cV1�ȧ��ٱW��feV=��̋�k�?�J��(?��6sd�*k�e��M��a2�n�L�ѭ,}ӯ ��ԣ[��)�#1�4n�?�s�� C�_� � D}a!R��?��.&��nFo��!_*� ��1س��:D�'�o��~z]$q�T�YdX�,�HS��B5�-b�K��vO�𳍂�mg�i�?�(T�~�G��4��P ��M��\�1�nq�(��$�+�C&s�V0@p?u�� ۮ:��uZid'��_E��+;K��1Q!FQL�6tg��s/�0��-��yRH��HJc� ھOR#��}��t��H�� [��'��Q͏U�2�=*z�7/O�+��}\9��?��?��Cr��o�= u��Vk,��=x�!��0� �o��N�v��#h\A�[��u"��*rx��P"c�� ]��сN�ݴG��K��N�e`g�T�`�m�Y��b��5��e�4��~��X~��`�L��<�Ԗw0�d:}�׭dh*k�d��E�l��?[��N��O�� r ��Л��)/![x�r7�?3��h��G��j-��r�'��֖�� ]�~��PeV�E]�`�j��5��W��Dv�>QJ��x��Z�W�6��1��*ߡ�˄�&�W웆��FD�U��4�Ex�i��h±��̠��[pܕ&��BM|J,�%q��TTM�ߘ`�FAe��͐��k��sZV8 hM�S2z$:)W�;��N��J��Pe�ޮI<��K��[��=��(o<Kg�7Z)�>Q<��[T��ON��aI�b��!�� WVt��<�=.Q��i��6c��jQ�t�� q�ͭV�G;yA��!`��>B\�y� g��a|؅|;.U�� ɕj��DTxO��k6 ��T'L<��V~`CJ�t��A�Cd��j��|�N��V��D��Rӟ�ݫ��+��#1�ʹ�q��qJb�?ZA��v*�s��O%��Y׽�%Fe!��j=�|h�e�G �Cd��Q|��f�fĭ��7�m��|�7>�2�$��-l�L�p>�Ż��8��?��N�=wn�ik��wphO}9�]"��I {؆�lG�w�9)�M��K�_�o��O� ��Gʗ��<�Yh@��36&I�|��dp�o��q3��\�y ��Ea �Ԟ��j�8O�eƨP�sj^�X��ݭp@4�ɠZjX��.,��=_��isV��w��)ou�+�z�9 \f�z>u}��2�@�@�=��5��+7��^�n�. B<��ks�v��Yi�]�(E[b�/4��,��Z\�D��9�ڎprs��~�R��x2��&R��;��!D]/7:͌g��+��6�؉g|x,Ѿ�ECXC�]�a�yRl$N{�9�8��@��'>M�Y��L� ��C��s��~��$b\L3��5�W�Tw��/a��w�k<�K��syAv�N[1=0��h-vGV U�v�i_c��:�� γm�b3��-��.��zo��W5v{}��"��pFh�aH)�`�k�lo1�-�:�B.ǍO��{��5��ۢ[s��qz_�� (�0��\l63)Ch�gi*��w1C��U�9��l�'��ۼb��{��#qwb�7%#�|Ӕ��=�g��O��?C��$�@��ߓ��Y�N�'_��H?'P��MD��n��u��WIu��;m,% S��Cϵ^*-/��F4)�A��,7o<)|��Y2"��dm�:0��q��@9X��w�3��w��?'(��k�lp:�M]��d��ǋ�>΋]��Y�� ID军%�l4?�X�&W��N�̝�i<�Ḯ,D��mCɻFwc,s~�Z�v�Փ��A!�Wfb[�1��Y�P�/�ɂ��#��ɵS8�mI��C�h�X��W�Z��;��}��z��S8_��\��O}�\�s8�^6+�?�(��r��CH��1��zS��g�� '(�#��`a4S� dV 8��=ݠ<K蘹C�m�&�-��$��>�Ŷ-�S �?D��=0��kWW��]Oz�P�I�R��RW_9��Z�t��:� ۮ��ی�)Ll��s�,̹9�6��Z^? ��C�v��|�}��fў��m��6fOx�U!��-{0O��s�D��-c,Ni�� ɚ�X��O��@�ܚG�(��y�ëj�͂e1�Fm ��ł�o�Ag�`��{��]�*lD�h�lT��9dT�u��ҧ�T��i3��ΎB٢��.�s��ꐞ�!H��i��C��>��d�=[� �V�>��A��"� N��-��_�K��/v�8@OG��z�'�L�}y26T�b-��s�2w��}vC��\�˫�s��,`|�{3 W�cl�y'�ĳi��հ)�#y�ː:��S)��j�%3MDR�p0K��^N��Q-T�kt��X^�̓D�V;��!��lO��i/� �(�~Fd��e��A��p��Hs~��K�u<#ȵ>N$<]��3"��5��薘��8��7��w��?�D� ��{�힞(�'\l��?��ȟgЪ�5��,-Mauur�i�H~<)a�`��ٚ0�h�k�s��yD�6{<�&��:�% f�3^��-�>�*��f0$�

Sections

.text
Size: - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lol0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol1
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lol2
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Silent Chair/bsod fix.bat
Downloads 12.6.24/Downloads 12.6.24/Downloads/Silent Chair/instructions.txt
Downloads 12.6.24/Downloads 12.6.24/Downloads/Silent Chair/w11 fix.bat
Downloads 12.6.24/Downloads 12.6.24/Downloads/Unlock All/bsod fix.bat
Downloads 12.6.24/Downloads 12.6.24/Downloads/Unlock All/instructions.txt
Downloads 12.6.24/Downloads 12.6.24/Downloads/Unlock All/nRi28Wtqb1.exe
.exe windows:6 windows x64 arch:x64

51235326a5333254d9a2e7b5ce26509f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnmapViewOfFile
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
CharUpperBuffW

advapi32

CryptDestroyKey

shell32

ShellExecuteA

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ

wininet

InternetOpenUrlA

normaliz

IdnToAscii

wldap32

ord79

crypt32

CertFreeCertificateChain

ws2_32

WSAGetLastError

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-string-l1-1-0

strncmp

Exports

Exports

�F��=j��@�>�4+��ج��;aG��iC�A�a� �)@��Ň�1�i��A �5mx��u�"�ov�p�u�l��G�4�u$5�b_�'�d��%E j��CJK��J@:��OCO��\>�kk�۽>��6�ݮd�w��}��Jx��n%5� �A�*z[ 7We>T��h3_y˾�g'�s5��s�A��[�CT� 5�ĉ��S�Y~�d3�Z0ӫ��o�e�5�cE$��{�U��y�*�_�F��B9`��5_@Š`��ć�뚙od� ��66��Q/��w��8]&�-�^�e�<P�C,��f��N��ϲq��*FN�^M��UR�|��6@2��t:�)��'n��o�NA�>��4��h3�;<��>/�(�p� n��H��s��T�T� յ��@�y�3��:��T2�f"��>�Mnneq8*$��%q`ǣ�&x�9ɤ]Q�d%08��/�NO��fNIm�DH6 V�"�n��xzE��bcK|_{��>�PZ�4}��$>%e�=S r�?�h&1�]�� P� *o\�y�J��2�*�8��r��3{�U��+� ��27��Ԭ��1b�cͩ��~˯it3�s"�q+Y!��y�az�jse1k"X��?f)~�C�#?��WY��W۶${�a�z>{��h-7��删q�m�-(ݴ�$Mo�>��D��rR�jh�EDʪ�&f[��BnǌD��C��1E�� m|z��e�W��|�݈s�;�R%��V��Z�埁�3��T��Lb�.�?�MK��t��kEdXU!D�Je�xD�<�g�B�L��D4�K��~G��`s&�"QM��iȅ2r�@d�|T��WsQ� ��!&�9�;�e�-��UU�;�[��P��"�ML5<:_��ǈI��F�8V�݁�x �J��͟��_��p5]9��ZރޞfpM��=S�:VD��0تX��MZwF��!��T��i��Ev6+��;QoRL��P|��S��a��$|�,5��4_?T-oB��k��qo~P⾢H�4��J7wgf��V��ZC2�5��KE�S�m��~-��Ve��:C �w�#\�%��=�Cj%:��W�S�'�y�x=lM��gHŋT��܎�O��k��?"Úɶ�:/��m�%.��qc�kG~6{.]+A�2[O8��O��S�<ỽ��Y��֦NY��g�͕�Pf)�Py��J!�ĥ7��{�P-��8��0�7ǵ*�z�鐫LxխPB��j�*l*#�f�h�&�Ov��%��!Đ͸��*3��˫�ւ=0O�|�n�_��U�p!�tĴ��ݷ�9��r�稶�V�@��!�q�B��yg{(��vI)e�2��#G��^��{,��˿fA2�ⱌ,`h��WG'�a ��a�7G�U�W�_H�1> v�>��xX��~��h��*(��9@��f-��h�}� �� )��ĭ��q�/֪��Yj��S5�_��T��&FP�a/� o2�� ~V��r�z]t��# �X�&"��<��b�=҇b*6T��$��Q�ш��OM��i�-W�W��ؑ��i��*8X��v�8'�ٛ1`�L�k_7�s'.�y�=y�o�Ż�w��y�F ��<`�i��8�_~��ٞ�y0��)<��b�˞ba��:�O�cm^m��˭�`*Tn��[�z�bڭ_W_��D��d�R��ӯy`��@wR5�tk�| ��@��o�f�!)4��/]̆<�F(�V��_�ww�>^�]r(��ǃ��k�lτY!��z�t��k�}�{1�\��6�GpT��F�*��a��dF�Mj�(��(��Fsv��r2��i�I��7�<��ÚN@�eL�Z��᧵!�Oa �e�'d�^��(��n�~#�U��3�9`3ζ��Z��9.��Ӿ��d��[<��t7�b��'$hn��s�Q�UF�c�ۅ(��R{m��g��M�%{d��l6��F~.#��CT&�>��@i�Xêt�D��p��Ѐ}8��<��t��a� �(�=�Co��R�i�`Q�UӰ�.��ޯe-��4�4��O��#�==?.M�U@u��L��g�c[�Kq�T��3��?]˰}<��TX��d�h`z��}��k��8�Z�%~iP;�(ky� w�8�l�I�PE��;��B�n$L�)72�Ӳ��0��d]-��'��J��dJҳ_/[ϊl��P�H�D��l}��K��c��:�JU��r�J҄��h��s|�z/��NPcM$%��i ��(��j��dg��`�r;�Aa]�L��DK�[|Ю;�/��cV�|�c~}J��h�� ,�Y6p,��X#l��ܰH��BE*A��Fz<��W$�4s��,(�q��/��&��c��t`+�A�C�ѵ]'�� {�D̅��H��TS��Y9�&&X %�a�_BA�8��<��W��1<S�ޢX�-[x��G�� '3�!�h�3MU�ylU��h�"Ǜ��4��ܔ��C��J��/��|�d�C�τre�6d;m��Ryq��jFL��'�99>L~�hP�jкA�L9k��FD?lQE�V,b��X�(Ɉ��|��6I6,�x9�Ng��A[9 = �6��'=d'h��_׺ g)�� #X�F��Y�g��*�e�s+s`1t�t��tQ�n��Ȋ�؃��,-ѵ�KjT+�qɅ��n=�гV��<R�E��5-*� �X2��f��O5Fa��؂5��!��+I�^��d��-��A��y��51�%!��Z��D��,��Ő�5��k��!

Sections

.text
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lol0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol1
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lol2
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads 12.6.24/Downloads 12.6.24/Downloads/Unlock All/w11 fix.bat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 383KB - Virtual size: 664KB

Size: 93KB - Virtual size: 205KB

Size: 2.8MB - Virtual size: 2.8MB

Size: 16KB - Virtual size: 28KB

Size: 512B - Virtual size: 500B

Size: 512B - Virtual size: 488B

Size: 2KB - Virtual size: 3KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

Windows Size: - Virtual size: 15.0MB

.boot Size: 9.1MB - Virtual size: 9.1MB

.reloc Size: 16B - Virtual size: 4KB

43c468490c6400ee7bdc2746202b8558

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secureenginesdk64

version

kernel32

user32

advapi32

ntdll

wininet

ws2_32

normaliz

wldap32

crypt32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 28KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 500B

.rnP Size: 2.4MB - Virtual size: 2.4MB

.?dv Size: 4KB - Virtual size: 3KB

.S-X Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

511b52afdc22b2d90c4cfb3f02c744e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

dbghelp

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 462KB

.data Size: - Virtual size: 66KB

.pdata Size: - Virtual size: 51KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.(0l Size: - Virtual size: 11.9MB

.^M& Size: 4KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

Windows
Size: - Virtual size: 15.0MB

.boot
Size: 9.1MB - Virtual size: 9.1MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 28KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 500B

.rnP
Size: 2.4MB - Virtual size: 2.4MB

.?dv
Size: 4KB - Virtual size: 3KB

.S-X
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 462KB

.data
Size: - Virtual size: 66KB

.pdata
Size: - Virtual size: 51KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.(0l
Size: - Virtual size: 11.9MB

.^M&
Size: 4KB - Virtual size: 4KB

.Wy1
Size: 18.9MB - Virtual size: 18.9MB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 353KB - Virtual size: 611KB

.data
Size: 90KB - Virtual size: 204KB

.data
Size: 16.6MB - Virtual size: 18.1MB

.data
Size: 16KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 500B

.data
Size: 512B - Virtual size: 488B

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 9KB

YES
Size: - Virtual size: 16.8MB

.text
Size: 11.0MB - Virtual size: 11.0MB

.data
Size: 25KB - Virtual size: 25KB

.data
Size: 45KB - Virtual size: 45KB

.reloc
Size: 392B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 64KB

.tls
Size: 512B - Virtual size: 64KB

.rsrc
Size: 512B - Virtual size: 64KB

.themida
Size: - Virtual size: 12.9MB

.boot
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 16B - Virtual size: 64KB