96d665995635c8b86d14ee9e4ca8c110_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96d665995635c8b86d14ee9e4ca8c110_JaffaCakes118
Size

468KB
MD5

96d665995635c8b86d14ee9e4ca8c110
SHA1

741bf8d214502f3c5befc2c07c0bd1b025457cfa
SHA256

3f972f122d477d651a075105de972de44699bacf65160c417df57659d2121213
SHA512

5a08815a4fb81fb8cfbb98f4751276a7f536bdc9702d63337b416e1251873b4f051f9b0ae73116572bb0c0ef8ad2790c869e660313080b90fb8ebbd55487d5b6
SSDEEP

6144:Ve34w12uoRlo2BFIJLNzOBS44lxytTsRRpTdwqQo5D8jCkjQC/EvK89E18:IxpJLxOBS4uMKh+Wk98vKOY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/CustomBrandingURL.dll
unpack001/$PLUGINSDIR/CustomInetc.dll
unpack001/$PLUGINSDIR/CustomNSISdl.dll
unpack001/$PLUGINSDIR/FloatingProgress.dll
unpack001/$PLUGINSDIR/LuaBridge.dll
unpack001/$PLUGINSDIR/LuaSocket/mime/core.dll
unpack001/$PLUGINSDIR/LuaSocket/socket/core.dll
unpack001/$PLUGINSDIR/LuaXml_lib.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/customnsWeb.dll
unpack001/$PLUGINSDIR/lua51.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/$PLUGINSDIR/un.package.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

96d665995635c8b86d14ee9e4ca8c110_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/04/2010, 00:00

Not After

29/05/2013, 23:59

Subject

CN=Download Admin,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Download Admin,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ComScore.lua
$PLUGINSDIR/CustomBrandingURL.dll
.dll windows:5 windows x86 arch:x86

82f18b0f522c05f362fb12db10cdf296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
lstrcpyA
HeapAlloc
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
ClientToScreen
RedrawWindow
ShowWindow
SetWindowTextA
GetDlgItem
SetWindowLongA
EnableWindow
LoadImageA
SetPropA
GetWindowLongA
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
GetCapture

gdi32

SetTextColor
CreateFontIndirectA
GetObjectA

shell32

ShellExecuteA

Exports

Exports

Init
Set
Unload
Update

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1005B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomInetc.dll
.dll windows:4 windows x86 arch:x86

cb0a607a2c9593bb9c969e6ca75c2b88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
atoi
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strlen

kernel32

DeleteFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatA

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
GetWindowLongA
IsWindow
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

delayed_hide
get
head
http_check
post
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomNSISdl.dll
.dll windows:5 windows x86 arch:x86

2068444423a6f5ed963b10359bd04f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

__WSAFDIsSet
socket
recv
shutdown
htons
WSAGetLastError
select
connect
ioctlsocket
WSACleanup
WSAStartup
closesocket
send
inet_addr
gethostbyname

kernel32

GetProcessHeap
HeapAlloc
DeleteFileA
GlobalFree
MulDiv
Sleep
GlobalAlloc
WriteFile
GetTickCount
CreateFileA
lstrcatA
WaitForSingleObject
lstrcmpiA
CloseHandle
CreateThread
lstrcpyA
lstrlenA
lstrcpynA

user32

ShowWindow
wvsprintfA
DestroyWindow
GetWindowRect
GetFocus
FindWindowExA
GetClientRect
CharPrevA
SendMessageA
RegisterWindowMessageA
SetWindowLongA
GetWindowLongA
CreateWindowExA
wsprintfA
SetDlgItemTextA
CallWindowProcA
EnableWindow
SetWindowTextA
IsWindowVisible
GetDlgItem

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

download
download_cancel
download_embedded
download_quiet
download_reset

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FloatingProgress.dll
.dll windows:5 windows x86 arch:x86

1806d0504ce03d24690879c2a67010a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
CreateEventA
CreateThread
lstrcpynA
GlobalAlloc

user32

DialogBoxParamA
LoadCursorA
DispatchMessageA
LoadAcceleratorsA
DefWindowProcA
EndDialog
GetDlgItem
TranslateAcceleratorA
CreateWindowExA
TranslateMessage
SendMessageA
LoadIconA
LoadStringA
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
wsprintfA

Exports

Exports

hideFloatingProgress
showFloatingProgress
wasCancelled

Sections

.text
Size: 1024B - Virtual size: 870B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GuiInit.lua
$PLUGINSDIR/LuaBridge.dll
.dll windows:5 windows x86 arch:x86

d0696ebd68bdc26f74cf16e55f8273e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Programming\MonotoneHome\WorkingDir\Employers\Franco\TightRope-BundleManager\Custom\LuaBridge\Release\LuaBridge.pdb

Imports

lua51

luaL_loadfile
luaL_loadstring
lua_pcall
lua_settop
luaL_newstate
luaL_openlibs
luaL_openlib
lua_pushfstring
lua_isnumber
lua_tointeger
lua_pushinteger
lua_pushnumber
lua_pushnil
lua_gettop
lua_isstring
lua_pushstring
lua_error
lua_tolstring

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

GlobalFree
LoadLibraryA
lstrcmpiA
ExpandEnvironmentStringsA
lstrlenA
GlobalAlloc
lstrcpynA
lstrcpyA

user32

FindWindowExA
MessageBoxA
SendMessageA
SetWindowPos
SetWindowLongA
wvsprintfA
GetWindowLongA

Exports

Exports

eval
exec
execFile
init

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaSocket/lua/ltn12.lua
.js
$PLUGINSDIR/LuaSocket/lua/mime.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/ftp.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/http.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/smtp.lua
$PLUGINSDIR/LuaSocket/lua/socket/tp.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/url.lua
$PLUGINSDIR/LuaSocket/mime/core.dll
.dll windows:4 windows x86 arch:x86

fe8e49b45d854066bc51a41f61066908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua51

luaL_checkinteger
luaL_addlstring
lua_tolstring
lua_pushlstring
luaL_checknumber
luaL_optlstring
luaL_optnumber
lua_pushnil
luaL_buffinit
luaL_addstring
luaL_prepbuffer
luaL_pushresult
lua_pushnumber
luaL_openlib
lua_pushstring
lua_rawset

kernel32

GetEnvironmentStringsW
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar

Exports

Exports

luaopen_mime_core

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaSocket/socket/core.dll
.dll windows:4 windows x86 arch:x86

f7bb4b78321004f93f7e54fe50af1981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
CloseHandle
FlushFileBuffers
ReadFile
RtlUnwind
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
MultiByteToWideChar
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleA
GetProcAddress
GetVersion
GetCommandLineA

lua51

lua_pushlstring
lua_newuserdata
lua_call
luaL_checknumber
luaL_checkinteger
luaL_openlib
lua_settable
lua_insert
lua_pcall
luaL_optlstring
luaL_buffinit
luaL_addlstring
luaL_pushresult
lua_pushvalue
lua_replace
lua_gettop
luaL_checklstring
lua_pushnil
luaL_optnumber
lua_isnumber
lua_tonumber
lua_pushnumber
luaL_checkudata
lua_rawget
lua_setmetatable
luaL_argerror
lua_typename
luaL_typerror
lua_toboolean
lua_getfield
lua_pushboolean
lua_getmetatable
lua_gettable
lua_type
lua_isstring
lua_error
lua_touserdata
lua_tolstring
lua_pushfstring
luaL_newmetatable
lua_pushstring
lua_createtable
lua_rawset
lua_pushcclosure
lua_settop
luaL_prepbuffer

ws2_32

getpeername
ntohs
htons
htonl
setsockopt
gethostname
inet_ntoa
gethostbyname
gethostbyaddr
ioctlsocket
recvfrom
recv
sendto
send
accept
listen
bind
connect
getsockopt
socket
shutdown
closesocket
select
WSAGetLastError
__WSAFDIsSet
WSAStartup
WSACleanup
getsockname

Exports

Exports

luaopen_socket_core

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaXml.lua
$PLUGINSDIR/LuaXml_lib.dll
.dll windows:4 windows x86 arch:x86

0e4b7cfc82eb1d2e2840274f1659b95a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
abort
fclose
fflush
fopen
fprintf
fread
free
fseek
ftell
malloc
memcpy
realloc
rewind
strcmp
strcpy
strncmp
strncpy
strstr

lua51

luaL_addlstring
luaL_addstring
luaL_buffinit
luaL_checklstring
luaL_error
luaL_gsub
luaL_prepbuffer
luaL_pushresult
luaL_register
lua_createtable
lua_getfield
lua_gettable
lua_gettop
lua_isuserdata
lua_objlen
lua_pushlightuserdata
lua_pushlstring
lua_pushnumber
lua_pushstring
lua_remove
lua_replace
lua_setmetatable
lua_settable
lua_settop
lua_tolstring
lua_touserdata

Exports

Exports

luaopen_LuaXML_lib

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:4 windows x86 arch:x86

e043e246d8abcbb9de2ad82c6e18cd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

Shell_NotifyIconA

kernel32

GetProcAddress
lstrcpyA
lstrlenA
lstrcpynA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

CallWindowProcA
LoadImageA
ShowWindow
GetDlgItem
GetWindowLongA
SetWindowLongA
SendMessageA
FindWindowExA
wsprintfA
KillTimer
IsIconic
OpenIcon
SetTimer

Exports

Exports

Icon

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__localxml.xml
$PLUGINSDIR/cancel.html
.html
$PLUGINSDIR/customnsWeb.dll
.dll windows:5 windows x86 arch:x86

d7196cb8011df8547526f5301a9fe82a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetAttemptConnect

urlmon

CreateURLMoniker

kernel32

HeapAlloc
lstrcpynA
lstrcpyA
MultiByteToWideChar
GlobalFree
GlobalAlloc
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA

user32

DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
UpdateWindow
ShowWindow
MoveWindow
MapWindowPoints
GetWindowRect
SendMessageA
CreateDialogParamA
GetDlgItem
PostMessageA
GetClientRect
GetWindowLongA
SetWindowLongA
CallWindowProcA

ole32

OleCreate
OleSetContainedObject
OleUninitialize
OleInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen

Exports

Exports

CreateNestedBrowser
IsInet
OleInit
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/definitions.lua
$PLUGINSDIR/lua51.dll
.dll windows:4 windows x86 arch:x86

0b930a47b5846bb154dc0be3d35f00ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fread
strerror
_errno
realloc
free
fprintf
fputs
_pctype
__mb_cur_max
_isctype
strtoul
_ftol
floor
_CIpow
fgets
exit
longjmp
_setjmp3
_popen
tmpfile
clearerr
fscanf
fwrite
ftell
fseek
setvbuf
fflush
_pclose
localeconv
_CIsinh
_CIcosh
_CItanh
_CIasin
_CIacos
ceil
_iob
modf
frexp
ldexp
rand
srand
_HUGE
strrchr
getenv
strtod
sprintf
strncat
strcspn
strncpy
system
remove
rename
tmpnam
clock
strftime
localtime
gmtime
time
mktime
difftime
setlocale
tolower
toupper
strpbrk
memchr
strcoll
_initterm
malloc
_adjust_fdiv
getc
freopen
fopen
ungetc
fclose
strchr
_CIfmod
strstr

kernel32

GetModuleFileNameA
FreeLibrary
GetProcAddress
GetLastError
FormatMessageA
LoadLibraryA
DisableThreadLibraryCalls

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlevel
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/un.package.exe
.exe windows:5 windows x86 arch:x86

35b698a6fd5038f719a27b089cb1f48e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\Projects\Employers\Franco\TightRope-BundleManager\Custom\Scramble\Release\Scramble.pdb

Imports

kernel32

lstrcpyA
HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineA
WriteFile
FormatMessageA
GetLastError
CloseHandle
ReadFile
CreateFileA
ExitProcess

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/utils.lua

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3aCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 180KB

.rsrc Size: 187KB - Virtual size: 186KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

82f18b0f522c05f362fb12db10cdf296

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 1005B

.data Size: 512B - Virtual size: 576B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 390B

cb0a607a2c9593bb9c969e6ca75c2b88

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3a
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 180KB

.rsrc
Size: 187KB - Virtual size: 186KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1005B

.data
Size: 512B - Virtual size: 576B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 390B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 870B

.rdata
Size: 1024B - Virtual size: 850B

.data
Size: - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 528B

.reloc
Size: 512B - Virtual size: 246B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB