mimikatz | 9671df266980938313615d140be6ed62_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9671df266980938313615d140be6ed62_JaffaCakes118
Size

12.1MB
MD5

9671df266980938313615d140be6ed62
SHA1

de5d7a97fede7abfd2de840422305dd69463ef71
SHA256

8fb0ce88b39069c7424c64ab9d30b3b8daa5da9fdb72a52d31f45b494a8eadcd
SHA512

03b116cf2f96b12947fa9cca5daca574e5ba34131ec722e3a4f253036ac741c4b247c7975d9c5cdfbc29ddc01156349bffaa51a6f26b622bd43bf7aab6e44d22
SSDEEP

196608:kmdEO6WoMzFR2Ews0eEHORinOjmHjzYSZZpBqdxSMgtdTmXNTQwjs/8Q2EZsCU3O:QqkdTIin/HbpyqdTmY/81EZsCi

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
static1/unpack004/data/meterpreter/ext_server_kiwi.x64.dll	mimikatz
static1/unpack004/data/meterpreter/ext_server_kiwi.x86.dll	mimikatz

Unsigned PE 34 IoCs

Checks for missing Authenticode signature.

resource
unpack004/data/meterpreter/elevator.x64.dll
unpack004/data/meterpreter/elevator.x86.dll
unpack004/data/meterpreter/ext_server_espia.x64.dll
unpack004/data/meterpreter/ext_server_espia.x86.dll
unpack004/data/meterpreter/ext_server_extapi.x64.dll
unpack004/data/meterpreter/ext_server_extapi.x86.dll
unpack004/data/meterpreter/ext_server_incognito.x64.dll
unpack004/data/meterpreter/ext_server_incognito.x86.dll
unpack004/data/meterpreter/ext_server_kiwi.x64.dll
unpack004/data/meterpreter/ext_server_kiwi.x86.dll
unpack004/data/meterpreter/ext_server_lanattacks.x64.dll
unpack004/data/meterpreter/ext_server_lanattacks.x86.dll
unpack004/data/meterpreter/ext_server_mimikatz.x64.dll
unpack004/data/meterpreter/ext_server_mimikatz.x86.dll
unpack004/data/meterpreter/ext_server_peinjector.x64.dll
unpack004/data/meterpreter/ext_server_peinjector.x86.dll
unpack004/data/meterpreter/ext_server_powershell.x64.dll
unpack004/data/meterpreter/ext_server_powershell.x86.dll
unpack004/data/meterpreter/ext_server_priv.x64.dll
unpack004/data/meterpreter/ext_server_priv.x86.dll
unpack004/data/meterpreter/ext_server_python.x64.dll
unpack004/data/meterpreter/ext_server_python.x86.dll
unpack004/data/meterpreter/ext_server_sniffer.x64.dll
unpack004/data/meterpreter/ext_server_sniffer.x86.dll
unpack004/data/meterpreter/ext_server_stdapi.x64.dll
unpack004/data/meterpreter/ext_server_stdapi.x86.dll
unpack004/data/meterpreter/ext_server_unhook.x64.dll
unpack004/data/meterpreter/ext_server_unhook.x86.dll
unpack004/data/meterpreter/ext_server_winpmem.x64.dll
unpack004/data/meterpreter/ext_server_winpmem.x86.dll
unpack004/data/meterpreter/metsrv.x64.dll
unpack004/data/meterpreter/metsrv.x86.dll
unpack004/data/meterpreter/screenshot.x64.dll
unpack004/data/meterpreter/screenshot.x86.dll

Files

9671df266980938313615d140be6ed62_JaffaCakes118
.tar
checksums.yaml.gz
.gz
checksums.yaml
checksums.yaml.gz.sig
data.tar.gz
.gz
data.tar
.tar
.gitignore
CONTRIBUTING.md
Gemfile
LICENSE
README.md
Rakefile
data/android/apk/AndroidManifest.xml
data/android/apk/classes.dex
.dex
data/android/apk/resources.arsc
data/android/meterpreter.dex
.dex
data/android/meterpreter.jar
.jar
data/android/metstage.jar
.jar
data/android/shell.jar
.jar
data/java/com/metasploit/meterpreter/MemoryBufferURLConnection.class
data/java/com/metasploit/meterpreter/MemoryBufferURLStreamHandler.class
data/java/javapayload/stage/Meterpreter.class
data/java/javapayload/stage/Shell.class
data/java/javapayload/stage/Stage.class
data/java/javapayload/stage/StreamForwarder.class
data/java/metasploit/AESEncryption.class
data/java/metasploit/JMXPayload.class
data/java/metasploit/JMXPayloadMBean.class
data/java/metasploit/Payload.class
data/java/metasploit/PayloadServlet.class
data/java/metasploit/PayloadTrustManager.class
data/java/metasploit/RMILoader.class
data/java/metasploit/RMIPayload.class
data/meterpreter/elevator.x64.dll
.dll windows:5 windows x64 arch:x64

0488da1988e5da3ab85ac50897661d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
GetHandleInformation
GetProcAddress
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetCurrentProcess
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

ReflectiveLoader
a

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/elevator.x86.dll
.dll windows:5 windows x86 arch:x86

7c5f250ba58f1406db94bb7f2181ad77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
GetHandleInformation
GetProcAddress
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetCurrentProcess
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

_ReflectiveLoader@4
_a@16

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_espia.x64.dll
.dll windows:5 windows x64 arch:x64

e77a5fe458b7a76c0ed315404b343deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadFile
GetStringTypeW
LCMapStringW
GetVersionExA
LoadLibraryA
GetLastError
GetCurrentThreadId
LocalAlloc
GlobalFree
GetProcAddress
GlobalAlloc
SetFilePointerEx
FreeLibrary
HeapFree
HeapAlloc
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
HeapReAlloc
HeapSize
CompareStringW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

StretchBlt
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA

advapi32

RevertToSelf

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_espia.x86.dll
.dll windows:5 windows x86 arch:x86

5656efd599672c5c9ed1d422e812d187

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadFile
GetStringTypeW
LCMapStringW
GetVersionExA
LoadLibraryA
GetLastError
GetCurrentThreadId
LocalAlloc
GlobalFree
GetProcAddress
GlobalAlloc
SetFilePointerEx
FreeLibrary
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
RtlUnwind
HeapReAlloc
HeapSize
CompareStringW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

StretchBlt
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA

advapi32

RevertToSelf

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_extapi.x64.dll
.dll windows:5 windows x64 arch:x64

cf208ece67932e6b7f27e2e7edb98e3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromGdiDib

ws2_32

htonl

kernel32

UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
LocalAlloc
FormatMessageA
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
CloseHandle
SetLastError
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
GetFileAttributesA
GetModuleHandleA
lstrlenA
lstrcmpA
GetSystemTime
WaitForMultipleObjects
GetLastError
LoadLibraryA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
RaiseException
RtlPcToFileHeader
lstrlenW
LocalFree
GetCPInfo
GetProcAddress
LCMapStringW
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
MapViewOfFile
HeapFree
HeapReAlloc
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
MultiByteToWideChar
GetCommandLineA
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP

user32

DefWindowProcA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
UnregisterClassA
RegisterClassExA
FindWindowW
SetWindowLongPtrA
GetWindowLongPtrA
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
CreateWindowExA

advapi32

CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysFreeString
SysAllocString

activeds

ord9

esent

JetEndSession
JetOpenTable
JetInit
JetCreateInstance
JetSetSystemParameter
JetAttachDatabase
JetDetachDatabase
JetGetTableColumnInfo
JetOpenDatabase
JetCloseDatabase
JetRetrieveColumn
JetMove
JetBeginSession
JetTerm

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_extapi.x86.dll
.dll windows:5 windows x86 arch:x86

ed17d4037ca31238948f841ef8b4142c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromGdiDib

ws2_32

htonl

kernel32

UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
InterlockedDecrement
LocalAlloc
FormatMessageA
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CloseHandle
SetLastError
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
GetFileAttributesA
GetModuleHandleA
lstrlenA
lstrcmpA
GetSystemTime
WaitForMultipleObjects
GetLastError
LoadLibraryA
TlsFree
TlsSetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
RaiseException
GetCPInfo
GetOEMCP
GetACP
lstrlenW
LocalFree
GetProcAddress
LCMapStringW
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
TlsGetValue
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
MultiByteToWideChar
GetCommandLineA
GetProcessHeap
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage

user32

DefWindowProcA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
UnregisterClassA
RegisterClassExA
FindWindowW
SetWindowLongA
GetWindowLongA
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
CreateWindowExA

advapi32

CryptDeriveKey
CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CryptHashData
CryptAcquireContextA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

VariantCopy
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysFreeString
SysAllocString
VariantChangeType

activeds

ord9

esent

JetTerm
JetBeginSession
JetEndSession
JetOpenTable
JetInit
JetCreateInstance
JetSetSystemParameter
JetAttachDatabase
JetDetachDatabase
JetGetTableColumnInfo
JetOpenDatabase
JetCloseDatabase
JetRetrieveColumn
JetMove

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_incognito.x64.dll
.dll windows:5 windows x64 arch:x64

03c873f44c71001f10be4d1ef633bd0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

netapi32

NetLocalGroupAddMembers
NetGroupAddUser
NetUserAdd

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetProcAddress
OpenProcess
CloseHandle
DuplicateHandle
GetModuleHandleA
GetLastError
GetCurrentThread
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers
GetCurrentProcess
GetFileType
HeapFree
HeapAlloc
HeapReAlloc
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
CreateFileW
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW

advapi32

LookupAccountSidW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupPrivilegeValueA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_incognito.x86.dll
.dll windows:5 windows x86 arch:x86

e8237f0904dd30ac62d636af15b3658c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetLocalGroupAddMembers
NetGroupAddUser
NetUserAdd

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetProcAddress
OpenProcess
CloseHandle
DuplicateHandle
GetModuleHandleA
GetLastError
GetCurrentThread
OutputDebugStringW
RtlUnwind
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers
GetCurrentProcess
GetFileType
HeapFree
HeapAlloc
HeapReAlloc
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
CreateFileW
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
LoadLibraryExW

advapi32

LookupAccountSidW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupPrivilegeValueA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_kiwi.x64.dll
.dll windows:5 windows x64 arch:x64

6b56153664d829f70fd040a23ed75713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ncrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
NCryptExportKey
NCryptImportKey
NCryptSetProperty
NCryptGetProperty
NCryptOpenKey
NCryptFreeBuffer
NCryptEnumKeys
BCryptEnumRegisteredProviders
NCryptOpenStorageProvider
BCryptFreeBuffer
BCryptDestroyKey
BCryptImportKeyPair
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
NCryptFreeObject

fltlib

FilterFindNext
FilterFindFirst

cabinet

ord14
ord13
ord11
ord10

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winscard

SCardListCardsW
SCardControl
SCardGetAttrib
SCardConnectW
SCardFreeMemory
SCardGetCardTypeProviderNameW
SCardEstablishContext
SCardReleaseContext
SCardListReadersW
SCardTransmit
SCardDisconnect

advapi32

CryptGetKeyParam
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
CreateWellKnownSid
CopySid
CryptDuplicateKey
CryptEncrypt
CryptSetHashParam
CryptAcquireContextA
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
SystemFunction025
SystemFunction024
ConvertStringSecurityDescriptorToSecurityDescriptorW
CredFree
CredEnumerateW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeNameW
OpenThreadToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
LsaQuerySecret
LsaOpenSecret
CheckTokenMembership
LookupAccountNameW
LookupAccountSidW
IsTextUnicode
BuildSecurityDescriptorW
StartServiceW
SetServiceObjectSecurity
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptSetProvParam
CryptGetProvParam
CryptEnumProvidersW
ConvertSidToStringSidW
ConvertStringSidToSidW
LsaFreeMemory
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
CryptDecrypt
SetThreadToken
GetTokenInformation
DuplicateTokenEx
QueryServiceStatusEx
CryptGetUserKey
CryptExportKey
CryptImportKey
CryptEnumProviderTypesW
SystemFunction006
SystemFunction007
ClearEventLogW
GetNumberOfEventLogRecords
OpenEventLogW
GetLengthSid
CryptDeriveKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaEnumerateTrustedDomainsEx
LsaRetrievePrivateData
SystemFunction001
SystemFunction005
SystemFunction013
SystemFunction032
A_SHAUpdate
A_SHAFinal
A_SHAInit

crypt32

CryptEncodeObject
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptSignAndEncodeCertificate
CryptStringToBinaryW
CryptUnprotectData
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertGetNameStringW
CertEnumSystemStore
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertAddCertificateContextToStore
CryptBinaryToStringW
CertEnumCertificatesInStore
CryptProtectData

cryptdll

CDGenerateRandomBits
MD5Final
MD5Update
MD5Init
CDLocateCheckSum
CDLocateCSystem

dnsapi

DnsQuery_A
DnsFree

netapi32

NetRemoteTOD
DsEnumerateDomainTrustsW
NetApiBufferFree
NetSessionEnum
NetWkstaUserEnum
NetShareEnum
NetStatisticsGet
DsGetDcNameW
NetServerGetInfo
I_NetServerTrustPasswordsGet
I_NetServerAuthenticate2
I_NetServerReqChallenge

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantInit

rpcrt4

MesEncodeIncrementalHandleCreate
RpcBindingFree
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcStringFreeW
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
RpcEpResolveBinding
RpcServerRegisterAuthInfoW
RpcEpRegisterW
RpcEpUnregister
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
UuidCreate
I_RpcGetCurrentCallHandle
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
NdrMesTypeFree2
RpcMgmtWaitServerListen
UuidToStringW
NdrServerCall2
NdrClientCall2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesHandleFree
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
NdrMesTypeDecode2

shlwapi

PathCombineW
PathIsDirectoryW
PathFindFileNameW
PathCanonicalizeW
PathIsRelativeW

samlib

SamLookupNamesInDomain
SamEnumerateUsersInDomain
SamiChangePasswordUser
SamSetInformationUser
SamQueryInformationUser
SamOpenUser
SamOpenDomain
SamLookupDomainInSamServer
SamEnumerateDomainsInSamServer
SamConnect
SamCloseHandle
SamFreeMemory
SamOpenGroup
SamOpenAlias
SamGetGroupsForUser
SamGetAliasMembership
SamGetMembersInGroup
SamGetMembersInAlias
SamEnumerateGroupsInDomain
SamEnumerateAliasesInDomain
SamRidToSid
SamLookupIdsInDomain

secur32

InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
EnumerateSecurityPackagesW
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleW
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

shell32

CommandLineToArgvW

user32

PostMessageW
DefWindowProcW
UnregisterClassW
SendMessageW
CreateWindowExW
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
EnumClipboardFormats
GetUserObjectInformationW
IsCharAlphaNumericW
DispatchMessageW
GetMessageW
GetKeyboardLayout
RegisterClassExW
TranslateMessage

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetFeature

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

wldap32

ord79
ord54
ord301
ord304
ord309
ord310
ord13
ord208
ord41
ord26
ord27
ord36
ord127
ord167
ord142
ord14
ord133
ord147
ord157
ord145
ord88
ord12
ord73
ord203
ord69
ord113
ord140
ord139
ord97
ord96
ord77
ord224
ord223
ord122

ntdll

NtCompareTokens
RtlCreateUserThread
RtlGetCurrentPeb
NtQueryInformationProcess
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDowncaseUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtQuerySystemInformation
NtQueryObject
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtEnumerateSystemEnvironmentValuesEx
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
NtTerminateProcess
NtSuspendProcess
RtlAdjustPrivilege
NtResumeProcess
RtlStringFromGUID
RtlFreeUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlEqualUnicodeString
RtlGetNtVersionNumbers
RtlEqualString
RtlGUIDFromString
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString

msasn1

ASN1_CreateModule
ASN1BERDotVal2Eoid
ASN1_CloseModule
ASN1_CreateEncoder
ASN1BEREoid2DotVal
ASN1_CreateDecoder
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1Free

winsta

WinStationConnectW
WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW
WinStationOpenServerW
WinStationCloseServer

kernel32

GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
RtlUnwindEx
CreateEventW
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateProcessW
CreatePipe
SetHandleInformation
ReadFile
TryEnterCriticalSection
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
WaitForSingleObject
SystemTimeToFileTime
SetConsoleCtrlHandler
GetModuleHandleW
GlobalSize
SetLastError
Sleep
CreateThread
CreateFileW
LoadLibraryW
lstrlenA
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
GetLastError
CloseHandle
GetCurrentProcessId
OpenProcess
AllocConsole
lstrlenW
RaiseException
LocalFree
LocalAlloc
GetTimeZoneInformation
GetSystemDirectoryW
SetCurrentDirectoryW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetCurrentProcess
GetCurrentThread
GetStdHandle
ProcessIdToSessionId
GetComputerNameW
GetProcessId
FileTimeToSystemTime
TerminateThread
WriteFile
GetFileInformationByHandle
SetFilePointer
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileSizeEx
FlushFileBuffers
FindClose
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetComputerNameExW
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetNamedPipeInfo
CreateNamedPipeW
WaitNamedPipeW
CreateRemoteThread
ClearCommError
PurgeComm
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
AreFileApisANSI
GetSystemTime
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
MultiByteToWideChar
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
CompareStringW
LCMapStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
LockFile
FlushViewOfFile
UnlockFile
HeapFree
QueryPerformanceCounter
GetFileSize
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
powershell_reflective_mimikatz

Sections

.text
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_kiwi.x86.dll
.dll windows:5 windows x86 arch:x86

2d6f47a3b830f8acea40310e8e8b331f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ncrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
NCryptExportKey
NCryptImportKey
NCryptSetProperty
NCryptGetProperty
NCryptOpenKey
NCryptFreeBuffer
NCryptEnumKeys
BCryptEnumRegisteredProviders
NCryptOpenStorageProvider
BCryptFreeBuffer
BCryptDestroyKey
BCryptImportKeyPair
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
NCryptFreeObject

fltlib

FilterFindNext
FilterFindFirst

cabinet

ord14
ord13
ord11
ord10

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winscard

SCardListCardsW
SCardControl
SCardGetAttrib
SCardConnectW
SCardFreeMemory
SCardGetCardTypeProviderNameW
SCardEstablishContext
SCardReleaseContext
SCardListReadersW
SCardTransmit
SCardDisconnect

advapi32

CryptGetKeyParam
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
CreateWellKnownSid
CopySid
CryptDuplicateKey
CryptEncrypt
CryptSetHashParam
CryptAcquireContextA
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
SystemFunction025
SystemFunction024
ConvertStringSecurityDescriptorToSecurityDescriptorW
CredFree
CredEnumerateW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeNameW
OpenThreadToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
LsaQuerySecret
LsaOpenSecret
CheckTokenMembership
LookupAccountNameW
LookupAccountSidW
IsTextUnicode
BuildSecurityDescriptorW
StartServiceW
SetServiceObjectSecurity
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptSetProvParam
CryptGetProvParam
CryptEnumProvidersW
ConvertSidToStringSidW
ConvertStringSidToSidW
LsaFreeMemory
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
CryptDecrypt
SetThreadToken
GetTokenInformation
DuplicateTokenEx
QueryServiceStatusEx
CryptGetUserKey
CryptExportKey
CryptImportKey
CryptEnumProviderTypesW
SystemFunction006
SystemFunction007
ClearEventLogW
GetNumberOfEventLogRecords
OpenEventLogW
GetLengthSid
CryptDeriveKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaEnumerateTrustedDomainsEx
LsaRetrievePrivateData
SystemFunction001
SystemFunction005
SystemFunction013
SystemFunction032
A_SHAUpdate
A_SHAFinal
A_SHAInit

crypt32

CryptEncodeObject
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptSignAndEncodeCertificate
CryptStringToBinaryW
CryptUnprotectData
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertGetNameStringW
CertEnumSystemStore
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertAddCertificateContextToStore
CryptBinaryToStringW
CertEnumCertificatesInStore
CryptProtectData

cryptdll

CDGenerateRandomBits
MD5Final
MD5Update
MD5Init
CDLocateCheckSum
CDLocateCSystem

dnsapi

DnsQuery_A
DnsFree

netapi32

NetRemoteTOD
DsEnumerateDomainTrustsW
NetApiBufferFree
NetSessionEnum
NetWkstaUserEnum
NetShareEnum
NetStatisticsGet
DsGetDcNameW
NetServerGetInfo
I_NetServerTrustPasswordsGet
I_NetServerAuthenticate2
I_NetServerReqChallenge

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantInit

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFree
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcStringFreeW
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
RpcEpResolveBinding
RpcServerRegisterAuthInfoW
RpcEpRegisterW
RpcEpUnregister
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
UuidCreate
I_RpcGetCurrentCallHandle
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
NdrMesTypeFree2
RpcMgmtWaitServerListen
UuidToStringW
NdrServerCall2
NdrClientCall2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesHandleFree
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
NdrMesTypeDecode2

shlwapi

PathCombineW
PathIsDirectoryW
PathFindFileNameW
PathCanonicalizeW
PathIsRelativeW

samlib

SamLookupNamesInDomain
SamEnumerateUsersInDomain
SamiChangePasswordUser
SamSetInformationUser
SamQueryInformationUser
SamOpenUser
SamOpenDomain
SamLookupDomainInSamServer
SamEnumerateDomainsInSamServer
SamConnect
SamCloseHandle
SamFreeMemory
SamOpenGroup
SamOpenAlias
SamGetGroupsForUser
SamGetAliasMembership
SamGetMembersInGroup
SamGetMembersInAlias
SamEnumerateGroupsInDomain
SamEnumerateAliasesInDomain
SamRidToSid
SamLookupIdsInDomain

secur32

InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
EnumerateSecurityPackagesW
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleW
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

shell32

CommandLineToArgvW

user32

PostMessageW
DefWindowProcW
UnregisterClassW
SendMessageW
CreateWindowExW
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
EnumClipboardFormats
GetUserObjectInformationW
IsCharAlphaNumericW
DispatchMessageW
GetMessageW
GetKeyboardLayout
RegisterClassExW
TranslateMessage

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetFeature

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

wldap32

ord79
ord54
ord301
ord304
ord309
ord310
ord13
ord208
ord41
ord26
ord27
ord36
ord127
ord167
ord142
ord73
ord133
ord147
ord145
ord88
ord12
ord14
ord203
ord157
ord69
ord113
ord140
ord139
ord97
ord96
ord77
ord224
ord223
ord122

ntdll

NtCompareTokens
RtlCreateUserThread
RtlGetCurrentPeb
NtQueryInformationProcess
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDowncaseUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtQuerySystemInformation
NtQueryObject
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtEnumerateSystemEnvironmentValuesEx
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
NtTerminateProcess
NtSuspendProcess
RtlAdjustPrivilege
NtResumeProcess
RtlStringFromGUID
RtlFreeUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlEqualUnicodeString
RtlGetNtVersionNumbers
RtlEqualString
RtlGUIDFromString
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString

msasn1

ASN1_CreateModule
ASN1BERDotVal2Eoid
ASN1_CloseModule
ASN1_CreateEncoder
ASN1BEREoid2DotVal
ASN1_CreateDecoder
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1Free

winsta

WinStationConnectW
WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW
WinStationOpenServerW
WinStationCloseServer

kernel32

GetModuleHandleExW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
GetModuleFileNameW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
TryEnterCriticalSection
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateProcessW
CreatePipe
SetHandleInformation
ReadFile
WaitForSingleObject
SystemTimeToFileTime
SetConsoleCtrlHandler
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
GetModuleHandleW
GlobalSize
SetLastError
Sleep
CreateThread
CreateFileW
LoadLibraryW
lstrlenA
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
GetLastError
CloseHandle
GetCurrentProcessId
OpenProcess
AllocConsole
lstrlenW
RaiseException
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateEventW
GetCurrentProcess
GetStdHandle
GetTimeZoneInformation
GetSystemDirectoryW
SetCurrentDirectoryW
IsWow64Process
DeleteCriticalSection
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetCurrentThread
ProcessIdToSessionId
GetComputerNameW
GetProcessId
FileTimeToSystemTime
TerminateThread
WriteFile
GetFileInformationByHandle
SetFilePointer
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileSizeEx
FlushFileBuffers
FindClose
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetComputerNameExW
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetNamedPipeInfo
CreateNamedPipeW
WaitNamedPipeW
CreateRemoteThread
ClearCommError
PurgeComm
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
AreFileApisANSI
GetSystemTime
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
MultiByteToWideChar
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
CompareStringW
LCMapStringW
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
powershell_reflective_mimikatz

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_lanattacks.x64.dll
.dll windows:5 windows x64 arch:x64

05af08f92a566c6c99b116a9411dca09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetLastError
WaitForSingleObject
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
IsDebuggerPresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

ws2_32

ntohs
socket
setsockopt
sendto
select
recvfrom
ntohl
inet_addr
htons
htonl
getsockname
connect
closesocket
bind

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_lanattacks.x86.dll
.dll windows:5 windows x86 arch:x86

f9e0c5f18dcc1a8f87919fa48a3d00bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetLastError
WaitForSingleObject
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

ws2_32

ntohs
socket
setsockopt
sendto
select
recvfrom
ntohl
inet_addr
htons
htonl
getsockname
connect
closesocket
bind

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_mimikatz.x64.dll
.dll windows:5 windows x64 arch:x64

93a609e5bac50edf2e03d53405388ee7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaGetLogonSessionData
GetUserNameExW
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathCombineW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
DuplicateHandle
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtect
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
WideCharToMultiByte
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
ping

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_mimikatz.x86.dll
.dll windows:5 windows x86 arch:x86

3bf3c00da61efed30928b6a090288292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaGetLogonSessionData
GetUserNameExW
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathCombineW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
WriteProcessMemory
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
InterlockedDecrement
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtect
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
WideCharToMultiByte
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
ping

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_peinjector.x64.dll
.dll windows:5 windows x64 arch:x64

daaac21008635ecf6ad1d4eb14cb60a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
RtlUnwindEx
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
WideCharToMultiByte
GetConsoleCP
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetStringTypeW
SetEndOfFile
HeapSize
LCMapStringW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_peinjector.x86.dll
.dll windows:5 windows x86 arch:x86

23f5518a9565417cda7e9b9478aff344

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
WideCharToMultiByte
GetConsoleCP
RtlUnwind
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetStringTypeW
SetEndOfFile
HeapSize
LCMapStringW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_powershell.x64.dll
.dll windows:5 windows x64 arch:x64

ec5ef6f2db89283a900fe8b70981ad89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

QueryPerformanceCounter
LocalFree
LocalAlloc
GetProcAddress
GetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
LoadLibraryA
lstrlenA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetStringTypeW

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
StagelessInit

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_powershell.x86.dll
.dll windows:5 windows x86 arch:x86

323d1c44ff34ee72b0869f1c0b500272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

QueryPerformanceCounter
LocalFree
LocalAlloc
InterlockedDecrement
GetProcAddress
GetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
LoadLibraryA
lstrlenA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
MultiByteToWideChar
HeapFree
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetStringTypeW

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
StagelessInit
_ReflectiveLoader@0

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_priv.x64.dll
.dll windows:5 windows x64 arch:x64

80ad9585a3c297c7dd29382d0974b66e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

FindFirstFileW
FindNextFileW
GetCurrentThread
GetExitCodeThread
ReleaseSemaphore
WaitForSingleObject
Sleep
WriteFile
ReadFile
GetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
CreateSemaphoreA
GetTempPathA
CreateFileW
DeleteFileA
CreateNamedPipeA
GetVersionExA
VirtualAllocEx
VirtualFreeEx
OpenProcess
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
SetEvent
CreateEventA
GetTickCount
GetCurrentThreadId
GetModuleHandleA
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CloseHandle
FindClose
SetLastError
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
FlushFileBuffers
CreateFileA
HeapReAlloc
VirtualProtectEx
CreateRemoteThread
HeapFree
HeapAlloc
SetEnvironmentVariableA
GetCommandLineA
RtlUnwindEx
GetProcessHeap
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetTimeZoneInformation
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapSize
CompareStringW
LCMapStringW

advapi32

DuplicateToken
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
ImpersonateNamedPipeClient
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
control

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_priv.x86.dll
.dll windows:5 windows x86 arch:x86

8061360dc6f359d03ceae7ccd5ac1749

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

FindFirstFileW
FindNextFileW
GetCurrentThread
GetExitCodeThread
ReleaseSemaphore
WaitForSingleObject
Sleep
WriteFile
ReadFile
GetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
CreateSemaphoreA
GetTempPathA
CreateFileW
DeleteFileA
CreateNamedPipeA
GetVersionExA
VirtualAllocEx
VirtualFreeEx
OpenProcess
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
SetEvent
CreateEventA
GetTickCount
GetCurrentThreadId
GetModuleHandleA
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CloseHandle
FindClose
SetLastError
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
FlushFileBuffers
CreateFileA
HeapFree
VirtualProtect
VirtualProtectEx
CreateRemoteThread
SetEnvironmentVariableA
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapSize
CompareStringW
LCMapStringW

advapi32

DuplicateToken
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
ImpersonateNamedPipeClient
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
control

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_python.x64.dll
.dll windows:5 windows x64 arch:x64

40a216fe96b7193cab479a6c231c10cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

crypt32

CertGetEnhancedKeyUsage
CertFreeCRLContext
CertEnumCRLsInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

ws2_32

sendto
getnameinfo
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
WSACleanup
WSAStartup
getprotobyname
getservbyname
getservbyport
gethostname
gethostbyname
gethostbyaddr
__WSAFDIsSet
shutdown
setsockopt
socket
send
recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
inet_ntop
inet_pton
WSAGetLastError
select

kernel32

RtlCaptureContext
RaiseException
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleFileNameW
IsDebuggerPresent
GetCommandLineA
LoadLibraryExW
ExitThread
CreateThread
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
HeapCompact
WriteConsoleW
ReadConsoleInputW
UnlockFileEx
GetCurrentProcess
GetLastError
GetFileSize
SetEndOfFile
SetFilePointer
CloseHandle
DuplicateHandle
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetVersion
GetProcessTimes
OpenProcess
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
GetFileInformationByHandle
GetFileType
FindClose
SetFileTime
GetSystemTime
SystemTimeToFileTime
CreatePipe
GetModuleFileNameA
CreateProcessA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
RtlLookupFunctionEntry
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
MoveFileA
MoveFileW
GenerateConsoleCtrlEvent
SetEvent
ResetEvent
Sleep
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
DisableThreadLibraryCalls
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryA
IsBadStringPtrA
IsBadStringPtrW
VirtualAlloc
GetProcAddress
GetACP
GetLocaleInfoA
WriteFile
ReadFile
GetTickCount
PeekNamedPipe
GetCurrentThreadId
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
ExitProcess
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
OutputDebugStringA
GetStdHandle
GetModuleHandleA
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExA
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetVersionExA
HeapAlloc
HeapFree
GetProcessHeap
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
VirtualQuery
LoadResource
FindResourceA
InitOnceExecuteOnce
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
ReleaseMutex
CreateMutexA
GetConsoleMode
SetConsoleMode
LockFileEx
ReadConsoleW
GetTimeZoneInformation
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
DeleteFileW
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSize
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
DecodePointer
EncodePointer
GetTempPathA
SetFilePointerEx
HeapReAlloc
RtlUnwindEx
FileTimeToLocalFileTime
FileTimeToSystemTime
SetStdHandle
FlushFileBuffers
LCMapStringW

user32

LoadStringA
CharPrevA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegConnectRegistryA
RegCreateKeyA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExA
RegSetValueA
RegSaveKeyA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString

Exports

Exports

CommandAdded
DeinitServerExtension
GetExtensionName
InitServerExtension
PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyBaseObject_Type
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Type
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_Divide
PyNumber_Divmod
PyNumber_Float
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceDivide
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Index
PyNumber_Int
PyNumber_Invert
PyNumber_Long
PyNumber_Lshift
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_ToBase
PyNumber_TrueDivide
PyNumber_Xor
PyOS_AfterFork
PyOS_FiniInterrupts
PyOS_InitInterrupts
PyOS_InputHook
PyOS_InterruptOccurred
PyOS_Readline
PyOS_ReadlineFunctionPointer
PyOS_ascii_atof
PyOS_ascii_formatd
PyOS_ascii_strtod
PyOS_double_to_string
PyOS_getsig
PyOS_mystricmp
PyOS_mystrnicmp
PyOS_setsig
PyOS_snprintf
PyOS_string_to_double
PyOS_strtol
PyOS_strtoul
PyOS_vsnprintf
PyObject_AsCharBuffer

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_python.x86.dll
.dll windows:5 windows x86 arch:x86

dc57dcd9bdd4e5c34d2baf716a846f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertGetEnhancedKeyUsage
CertFreeCRLContext
CertEnumCRLsInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

ws2_32

select
__WSAFDIsSet
WSAIoctl
WSASetLastError
WSACleanup
WSAStartup
getprotobyname
getservbyname
getservbyport
gethostname
gethostbyname
gethostbyaddr
socket
shutdown
setsockopt
sendto
send
recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError

kernel32

GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
GetModuleFileNameW
IsDebuggerPresent
GetCommandLineA
LoadLibraryExW
ExitThread
CreateThread
VirtualProtect
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
HeapCompact
GetCurrentProcess
GetLastError
GetFileSize
SetEndOfFile
SetFilePointer
CloseHandle
DuplicateHandle
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetVersion
GetProcessTimes
OpenProcess
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
GetFileInformationByHandle
GetFileType
FindClose
SetFileTime
GetSystemTime
SystemTimeToFileTime
CreatePipe
GetModuleFileNameA
CreateProcessA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
MoveFileW
GenerateConsoleCtrlEvent
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
SetEvent
ResetEvent
Sleep
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
DisableThreadLibraryCalls
LocalFree
FormatMessageA
IsBadStringPtrA
IsBadStringPtrW
VirtualAlloc
GetACP
GetLocaleInfoA
WriteFile
ReadFile
GetTickCount
PeekNamedPipe
GetCurrentThreadId
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
ExitProcess
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
OutputDebugStringA
GetStdHandle
GetModuleHandleA
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExA
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetVersionExA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapAlloc
HeapFree
GetProcessHeap
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
VirtualQuery
LoadResource
FindResourceA
InitOnceExecuteOnce
InterlockedExchangeAdd
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
ReleaseMutex
CreateMutexA
GetConsoleMode
SetConsoleMode
WriteConsoleW
ReadConsoleInputW
UnlockFileEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
MoveFileA
LockFileEx
ReadConsoleW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSize
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
GetTempPathA
SetFilePointerEx
HeapReAlloc
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
SetStdHandle
FlushFileBuffers
LCMapStringW

user32

CharPrevA
LoadStringA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegConnectRegistryA
RegCreateKeyA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExA
RegSetValueA
RegSaveKeyA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString

Exports

Exports

CommandAdded
DeinitServerExtension
GetExtensionName
InitServerExtension
PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyBaseObject_Type
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Type
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_Divide
PyNumber_Divmod
PyNumber_Float
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceDivide
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Index
PyNumber_Int
PyNumber_Invert
PyNumber_Long
PyNumber_Lshift
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_ToBase
PyNumber_TrueDivide
PyNumber_Xor
PyOS_AfterFork
PyOS_CheckStack
PyOS_FiniInterrupts
PyOS_InitInterrupts
PyOS_InputHook
PyOS_InterruptOccurred
PyOS_Readline
PyOS_ReadlineFunctionPointer
PyOS_ascii_atof
PyOS_ascii_formatd
PyOS_ascii_strtod
PyOS_double_to_string
PyOS_getsig
PyOS_mystricmp
PyOS_mystrnicmp
PyOS_setsig
PyOS_snprintf
PyOS_string_to_double
PyOS_strtol
PyOS_strtoul
PyOS_vsnprintf

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_sniffer.x64.dll
.dll windows:5 windows x64 arch:x64

c86b225d7c034d14a215f4efb5540a2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
htonl
getpeername

kernel32

VirtualFree
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CreateThread
SetThreadPriority
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
VirtualLock
VirtualUnlock
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
WaitForSingleObject
Sleep
DeviceIoControl
IsBadReadPtr
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
GetSystemInfo
GetFileAttributesW
GetVersionExA
HeapAlloc
VirtualAlloc
HeapFree
GetProcessHeap
GetFileSize
ReadFile
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WriteFile
SetEndOfFile
SetFilePointer
VirtualProtect
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetCurrentProcessId
CompareStringW
CreateFileW
CreateFileA
GetSystemDirectoryW
GetLocalTime
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
PulseEvent
GetLastError
FlushFileBuffers
ReadConsoleW
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetCommandLineA
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

LoadCursorW
MessageBoxW
wsprintfA
SetCursor
EnumThreadWindows
GetParent
GetDesktopWindow
IsWindowVisible
wsprintfW

advapi32

RegQueryValueExW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_sniffer.x86.dll
.dll windows:5 windows x86 arch:x86

aa6294c141a5a2055de08c5d6b57bb50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htonl
ntohs
getpeername

kernel32

GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CreateThread
SetThreadPriority
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
VirtualLock
VirtualUnlock
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
WaitForSingleObject
Sleep
DeviceIoControl
IsBadReadPtr
GetTickCount
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
GetSystemInfo
VirtualFree
GetVersionExA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetFileSize
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WriteFile
SetEndOfFile
SetFilePointer
VirtualProtect
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetLocaleInfoW
LCMapStringW
OutputDebugStringW
VirtualAlloc
GetCurrentProcessId
CompareStringW
DeleteFileA
CreateFileW
CreateFileA
GetSystemDirectoryW
GetSystemDirectoryA
GetLocalTime
CloseHandle
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
PulseEvent
GetLastError
FlushFileBuffers
ReadConsoleW
GetFileAttributesW
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetCommandLineA
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
VirtualQuery
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

EnumThreadWindows
GetParent
GetDesktopWindow
IsWindowVisible
SetCursor
wsprintfA
MessageBoxW
wsprintfW
LoadCursorW

advapi32

StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
UnlockServiceDatabase

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_stdapi.jar
.jar
data/meterpreter/ext_server_stdapi.php
.ps1
data/meterpreter/ext_server_stdapi.py
.py .js
data/meterpreter/ext_server_stdapi.x64.dll
.dll windows:5 windows x64 arch:x64

e1a1f340bb43416b950ae6b72f5549cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mpr

WNetGetUniversalNameA

netapi32

NetWkstaGetInfo

psapi

GetDeviceDriverFileNameW
EnumDeviceDrivers
GetDeviceDriverBaseNameW

winmm

sndPlaySoundA
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInOpen

iphlpapi

GetIpNetTable
GetUdpTable
GetIfEntry
GetIpAddrTable
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetTcpTable

shlwapi

SHDeleteKeyW

ws2_32

select
recv
connect
closesocket
WSAAddressToStringA
getsockname
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
send
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
ntohs
htonl
listen
recvfrom
shutdown
WSACreateEvent
WSAEventSelect
WSASocketA
accept
getservbyname
bind
sendto
ntohl
setsockopt

kernel32

GetStartupInfoW
DeleteCriticalSection
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetLastError
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetProcAddress
CloseHandle
GetModuleHandleA
FreeLibrary
GlobalFree
LoadLibraryA
GetSystemDirectoryA
SetLastError
FindClose
lstrcmpiW
lstrcpyW
lstrlenW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
GetLogicalDrives
GetDriveTypeW
GetSystemDefaultLCID
GetVersionExA
ResetEvent
Sleep
OpenProcess
GetCurrentProcess
VirtualAlloc
VirtualAllocEx
TerminateProcess
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
VirtualFreeEx
RtlLookupFunctionEntry
VirtualQueryEx
VirtualLock
VirtualUnlock
GetCurrentProcessId
GetCurrentThread
WaitForSingleObject
WriteFile
ReadFile
CreatePipe
PeekNamedPipe
GetConsoleCP
OpenThread
TerminateThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetExitCodeThread
WaitForSingleObjectEx
LocalFree
GetLocalTime
GetTimeZoneInformation
GetEnvironmentVariableW
GetComputerNameA
GetLocaleInfoA
GetHandleInformation
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
CreateThread
GetSystemTime
GetTimeFormatW
GetDateFormatW
LockResource
LoadResource
SizeofResource
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
SetEndOfFile
SetEvent
CreateEventA
GetModuleFileNameW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetCommandLineA
WideCharToMultiByte
DecodePointer
EncodePointer
RtlUnwindEx
MultiByteToWideChar
HeapReAlloc
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
RtlPcToFileHeader
RaiseException
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateProcessA
RtlCaptureContext
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
SetEnvironmentVariableA
VirtualProtectEx
FormatMessageA

user32

RegisterClassExA
UnregisterClassA
DefWindowProcA
CreateWindowExA
DestroyWindow
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetKeyNameTextW
SendInput
MapVirtualKeyA
DispatchMessageA
TranslateMessage
GetMessageA
ToUnicodeEx
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
EnumWindowStationsA
OpenWindowStationA
CloseDesktop
SetThreadDesktop
SwitchDesktop
EnumDesktopsA
OpenDesktopA
ExitWindowsEx
wsprintfW
GetForegroundWindow
EnumChildWindows
GetWindowThreadProcessId
GetSystemMetrics
SendMessageA

advapi32

RegOpenKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
ClearEventLogA
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogA
ReadEventLogA
RevertToSelf
ImpersonateLoggedOnUser
ConvertSidToStringSidA
RegLoadKeyW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_stdapi.x86.dll
.dll windows:5 windows x86 arch:x86

1925d45456b8d65784b2114554b9f78a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetGetUniversalNameA

netapi32

NetWkstaGetInfo

psapi

GetDeviceDriverBaseNameW
GetDeviceDriverFileNameW
EnumDeviceDrivers

winmm

sndPlaySoundA
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInOpen

iphlpapi

GetIpNetTable
GetUdpTable
GetIfEntry
GetIpAddrTable
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetTcpTable

shlwapi

SHDeleteKeyW

ws2_32

select
recv
connect
closesocket
WSAAddressToStringA
getsockname
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
send
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
ntohs
htonl
listen
recvfrom
shutdown
WSACreateEvent
WSAEventSelect
WSASocketA
accept
getservbyname
bind
sendto
ntohl
setsockopt

kernel32

GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetLastError
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetProcAddress
CloseHandle
GetModuleHandleA
FreeLibrary
GlobalFree
LoadLibraryA
GetSystemDirectoryA
SetLastError
FindClose
lstrcmpiW
lstrcpyW
lstrlenW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
GetLogicalDrives
GetDriveTypeW
GetSystemDefaultLCID
GetVersionExA
ResetEvent
Sleep
OpenProcess
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
GetThreadContext
SetThreadContext
VirtualFreeEx
VirtualProtectEx
GetEnvironmentStringsW
ReadProcessMemory
VirtualLock
VirtualUnlock
GetCurrentProcessId
TerminateProcess
GetCurrentThread
ResumeThread
WaitForSingleObject
WriteFile
ReadFile
DeleteCriticalSection
PeekNamedPipe
CreateProcessA
OpenThread
TerminateThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetExitCodeThread
WaitForSingleObjectEx
LocalFree
GetLocalTime
GetTimeZoneInformation
GetEnvironmentVariableW
GetComputerNameA
GetLocaleInfoA
GetHandleInformation
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
CreateThread
GetSystemTime
GetTimeFormatW
GetDateFormatW
LockResource
LoadResource
SizeofResource
ExpandEnvironmentStringsA
FindResourceA
SetEndOfFile
DeleteFileA
FormatMessageA
SetEvent
CreateEventA
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
HeapReAlloc
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
GetStartupInfoW
GetConsoleCP
RtlUnwind
VirtualQuery
RaiseException
GetModuleFileNameA
QueryPerformanceCounter
CreatePipe
GetSystemTimeAsFileTime
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
SetEnvironmentVariableA
VirtualQueryEx
GetFileAttributesA

user32

RegisterClassExA
UnregisterClassA
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
ToUnicodeEx
EnumChildWindows
GetWindowThreadProcessId
GetSystemMetrics
CreateWindowExA
DestroyWindow
GetKeyState
GetAsyncKeyState
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
EnumWindowStationsA
OpenWindowStationA
CloseDesktop
SetThreadDesktop
SwitchDesktop
EnumDesktopsA
OpenDesktopA
ExitWindowsEx
wsprintfW
GetKeyboardState
GetKeyNameTextW
SendInput
MapVirtualKeyA
GetForegroundWindow

advapi32

RegDeleteKeyW
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
ClearEventLogA
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogA
ReadEventLogA
RevertToSelf
ImpersonateLoggedOnUser
ConvertSidToStringSidA
RegCreateKeyExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_unhook.x64.dll
.dll windows:5 windows x64 arch:x64

1703aeb43c01a8f109a4e74329c12f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleHandleW
CreateFileW
GetLastError
HeapFree
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_unhook.x86.dll
.dll windows:5 windows x86 arch:x86

699165a8d26c3b49923fb81586978aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleHandleW
CreateFileW
GetLastError
HeapFree
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_winpmem.x64.dll
.dll windows:5 windows x64 arch:x64

c233b583d4eb4fbb16f762001ae07758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
SetFilePointerEx
CloseHandle
SetHandleInformation
GetNativeSystemInfo
CreatePipe
ReadFile
FindResourceW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
CreateFileW
DeleteFileW
WriteFile
GetStdHandle
SizeofResource
LoadResource
GetLastError
GlobalMemoryStatusEx
CreateProcessW
LockResource
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
IsDebuggerPresent
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
StartServiceW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_winpmem.x86.dll
.dll windows:5 windows x86 arch:x86

2bcbfa3fb95560a777e4d82196db1a8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
SetFilePointerEx
CloseHandle
SetHandleInformation
GetNativeSystemInfo
CreatePipe
ReadFile
FindResourceW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
CreateFileW
DeleteFileW
WriteFile
GetStdHandle
SizeofResource
LoadResource
GetLastError
GlobalMemoryStatusEx
CreateProcessW
LockResource
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
RaiseException
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
IsDebuggerPresent
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
StartServiceW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/meterpreter.jar
.jar
data/meterpreter/meterpreter.php
.ps1
data/meterpreter/meterpreter.py
.sh .js linux polyglot
data/meterpreter/metsrv.x64.dll
.dll windows:5 windows x64 arch:x64

0907fa130fac126ff0bb37eba930cd71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htons

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA
CertGetCertificateContextProperty

wininet

InternetOpenW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW

winhttp

WinHttpOpen
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl

kernel32

EnterCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetLastError
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
GetVersionExW
LeaveCriticalSection
Thread32First
Thread32Next
FlushInstructionCache
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
CreateRemoteThread
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
GetCurrentThreadId
SetHandleInformation
FlushFileBuffers
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GlobalFree
CreateThread
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
SetStdHandle
WriteConsoleW
CreateToolhelp32Snapshot
SetNamedPipeHandleState
GetModuleHandleExW
HeapFree
HeapAlloc
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
EncodePointer
DecodePointer

user32

GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop

advapi32

SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
OpenThreadToken

ole32

CoCreateGuid

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/metsrv.x86.dll
.dll windows:5 windows x86 arch:x86

6b298749729d6686dffc6fab0dc2ea1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htons

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA
CertGetCertificateContextProperty

wininet

InternetOpenW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW

winhttp

WinHttpOpen
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl

kernel32

EnterCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
RaiseException
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
RtlUnwind
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetLastError
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
VirtualQueryEx
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
LeaveCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FlushInstructionCache
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
CreateRemoteThread
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
FlushFileBuffers
SetHandleInformation
SetNamedPipeHandleState
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GlobalFree
CreateThread
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
SetStdHandle
WriteConsoleW
GetVersionExW
GetCurrentThreadId
GetModuleHandleExW
GetProcessHeap
VirtualProtectEx
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA

user32

GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop

advapi32

SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
OpenThreadToken

ole32

CoCreateGuid

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/screenshot.x64.dll
.dll windows:5 windows x64 arch:x64

076dafe7e285e814b4e9b64d814f4ef9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CreateFileA
GetVersionExA
ReadFile
CreateFileW
SetEnvironmentVariableA
WriteConsoleW
GetHandleInformation
HeapSize
HeapReAlloc
LCMapStringW
CompareStringW
CloseHandle
WriteFile
GetLastError
ExitThread
GetCurrentThreadId
GetProcAddress
FreeLibrary
GlobalFree
LocalAlloc
SetStdHandle
GlobalAlloc
HeapFree
HeapAlloc
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
GetStringTypeW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
StretchBlt

advapi32

RevertToSelf

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/screenshot.x86.dll
.dll windows:5 windows x86 arch:x86

c14e539c86defe89b53d81d6e720c52c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CreateFileA
GetVersionExA
ReadFile
CreateFileW
SetEnvironmentVariableA
WriteConsoleW
GetHandleInformation
HeapSize
HeapReAlloc
RtlUnwind
LCMapStringW
CompareStringW
CloseHandle
WriteFile
GetLastError
ExitThread
GetCurrentThreadId
GetProcAddress
FreeLibrary
GlobalFree
LocalAlloc
SetStdHandle
GlobalAlloc
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
GetStringTypeW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
StretchBlt

advapi32

RevertToSelf

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/metasploit-payloads.rb
lib/metasploit-payloads/version.rb
metasploit-payloads.gemspec
data.tar.gz.sig
metadata.gz
.gz
metadata
metadata.gz.sig

Sharing

General

Malware Config

Signatures

Files

0488da1988e5da3ab85ac50897661d0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

7c5f250ba58f1406db94bb7f2181ad77

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 3KB

e77a5fe458b7a76c0ed315404b343deb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

5656efd599672c5c9ed1d422e812d187

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

cf208ece67932e6b7f27e2e7edb98e3b

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

activeds

esent

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 7KB - Virtual size: 15KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB