Static task
static1
Behavioral task
behavioral1
Sample
saved from malware.7z
Resource
win11-20240802-en
General
-
Target
saved from malware.7z
-
Size
221.2MB
-
MD5
4bbc54320807c97bc1877e27381ab2bc
-
SHA1
7c140610d8c4534929e2ae46192647b3fcc0a0c8
-
SHA256
1c4b4534f2cc5f8ce484d9fc8330294254bb617af8c9ba893d23b0e7e72c3872
-
SHA512
729e425896aea8397c38be27b02b1db4e88908982b44ed0a7f32e247b277602ebfc57ea41b8ab64923b20c69688c5d5d05e823a86ad54a55c0fed3ac217fdd11
-
SSDEEP
3145728:LPuwsv1jkJkEIHQYOXk3DfvTQc2wAYfjqJV1RnCQ0DDzwJg1nGkciRWgenMpkTX6:LPuwsv1wgfzvTLMYfjqVkRGtnykTXBU
Malware Config
Extracted
cobaltstrike
391144938
http://123.207.55.181:80/match
-
access_type
512
-
host
123.207.55.181,/match
-
http_header1
-
http_header2
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
-
unknown1
4096
-
unknown2
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
-
watermark
391144938
Extracted
phorphiex
http://185.215.113.66/
http://77.91.77.92/
http://91.202.233.141/
-
mutex
x66x54x66x
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Extracted
redline
38.180.203.208:14238
185.215.113.9:12617
Extracted
metasploit
windows/reverse_tcp
103.42.55.251:8080
Extracted
redline
kir
147.45.44.73:6282
Extracted
nanocore
1.2.2.0
91.92.240.41:7575
7029ef73-6025-47e5-b0d0-fb5b27c261b8
-
activate_away_mode
false
-
backup_connection_host
91.92.240.41
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2024-05-23T20:48:22.996317836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
7575
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
7029ef73-6025-47e5-b0d0-fb5b27c261b8
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
91.92.240.41
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
5000
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:1604
127.0.0.1:22253
eu-central-7075.packetriot.net:6606
eu-central-7075.packetriot.net:7707
eu-central-7075.packetriot.net:8808
eu-central-7075.packetriot.net:1604
eu-central-7075.packetriot.net:22253
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
svchost.exe
-
install_folder
%AppData%
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule
static1/unpack001/saved from malware/a/stub.exe family_asyncrat
Asyncrat family
-
Cobaltstrike family
-
Detect Xworm Payload 1 IoCs
resource yara_rule
static1/unpack001/saved from malware/a/msedge.exe family_xworm
Metasploit family
-
Mimikatz family
-
Nanocore family
-
Phorphiex family
-
Phorphiex payload 16 IoCs
resource yara_rule
static1/unpack001/saved from malware/Files/1.exe family_phorphiex
static1/unpack001/saved from malware/Files/11.exe family_phorphiex
static1/unpack001/saved from malware/Files/a.exe family_phorphiex
static1/unpack001/saved from malware/Files/m.exe family_phorphiex
static1/unpack001/saved from malware/Files/newtpp.exe family_phorphiex
static1/unpack001/saved from malware/Files/o.exe family_phorphiex
static1/unpack001/saved from malware/Files/pi.exe family_phorphiex
static1/unpack001/saved from malware/Files/pp.exe family_phorphiex
static1/unpack001/saved from malware/Files/r.exe family_phorphiex
static1/unpack001/saved from malware/Files/s.exe family_phorphiex
static1/unpack001/saved from malware/Files/t.exe family_phorphiex
static1/unpack001/saved from malware/Files/t1.exe family_phorphiex
static1/unpack001/saved from malware/Files/t2.exe family_phorphiex
static1/unpack001/saved from malware/Files/tdrpload.exe family_phorphiex
static1/unpack001/saved from malware/Files/tt.exe family_phorphiex
static1/unpack001/saved from malware/Files/twztl.exe family_phorphiex
RedLine payload 3 IoCs
resource yara_rule
static1/unpack001/saved from malware/Files/4ck3rr.exe family_redline
static1/unpack001/saved from malware/a/cookie250.exe family_redline
static1/unpack001/saved from malware/a/exec.exe family_redline
Redline family
-
SectopRAT payload 1 IoCs
resource yara_rule
static1/unpack001/saved from malware/a/authenticator.exe family_sectoprat
Sectoprat family
-
XMRig Miner payload 2 IoCs
resource yara_rule
static1/unpack001/saved from malware/Files/xmrig.exe xmrig
static1/unpack001/saved from malware/Files/xmrig.exe family_xmrig
Xmrig family
-
Xworm family
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
resource yara_rule
static1/unpack001/saved from malware/Files/mimikatz.exe mimikatz
-
resource yara_rule
static1/unpack001/saved from malware/Files/%E5%B0%8F%E9%B8%A1%E5%85%A5%E4%BE%B5%E8%80%853.exe upx
static1/unpack001/saved from malware/Files/Crack.exe upx
static1/unpack001/saved from malware/Files/DelHosts.exe upx
static1/unpack001/saved from malware/Files/DownSysSoft.exe upx
static1/unpack001/saved from malware/Files/Downaqzh.exe upx
static1/unpack001/saved from malware/Files/Downdd.exe upx
static1/unpack001/saved from malware/Files/Downggzh.exe upx
static1/unpack001/saved from malware/Files/Downty.exe upx
static1/unpack001/saved from malware/Files/clear.exe upx
static1/unpack001/saved from malware/Files/firefox.exe upx
static1/unpack001/saved from malware/Files/pocketrar350sc.exe upx
static1/unpack001/saved from malware/a/OpenArk32.exe upx
static1/unpack001/saved from malware/a/OpenArk64.exe upx
AutoIT Executable 4 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule
static1/unpack004/out.upx autoit_exe
static1/unpack007/out.upx autoit_exe
static1/unpack008/out.upx autoit_exe
static1/unpack009/out.upx autoit_exe
Detects Pyinstaller 2 IoCs
resource yara_rule
static1/unpack001/saved from malware/Files/pered.exe pyinstaller
static1/unpack001/saved from malware/a/networks_profile.exe pyinstaller
Embeds OpenSSL 1 IoCs
Embeds OpenSSL, may be used to circumvent TLS interception.
resource yara_rule
static1/unpack001/saved from malware/Files/66b09d7d34310_DefragManager.exe embeds_openssl
Unsigned PE 125 IoCs
Checks for missing Authenticode signature.
Files
-
saved from malware.7z.7z
-
saved from malware/Files/%E4%BA%94%E5%91%B3%E4%BC%A0%E5%A5%87.exe.exe windows:5 windows x86 arch:x86
a18c466a89c034cf01801b0439542035
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
oleaut32
SysFreeString
advapi32
RegQueryValueExA
user32
GetKeyboardType
gdi32
UnrealizeObject
version
VerQueryValueA
mpr
WNetGetConnectionA
ole32
CreateStreamOnHGlobal
comctl32
_TrackMouseEvent
shell32
ShellExecuteA
comdlg32
GetOpenFileNameA
wsock32
WSACleanup
gdiplus
GdipSetStringFormatLineAlign
Sections
.text Size: 2.7MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/%E5%B0%8F%E9%B8%A1%E5%85%A5%E4%BE%B5%E8%80%853.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 10.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 668KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 146KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/-.exe
-
saved from malware/Files/02.08.2022.exe
-
saved from malware/Files/1.exe.exe windows:5 windows x86 arch:x86
e3b708193fe03ba1bfd096b4ae42f3b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
_vscprintf
srand
rand
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/11.exe.exe windows:5 windows x86 arch:x86
e3b708193fe03ba1bfd096b4ae42f3b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
_vscprintf
srand
rand
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/1111.exe.exe windows:4 windows x86 arch:x86
74aaf0b5a0230a863603c8c6bcd8756b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetTempPathA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrlenA
msvcrt
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_errno
_chsize
_filelengthi64
_fileno
_initterm
_iob
_lock
_onexit
_unlock
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fputc
fread
free
freopen
fsetpos
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
malloc
memcmp
memcpy
memmove
memset
mktime
localtime
difftime
_mkdir
perror
printf
realloc
remove
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
strncpy
strtol
strtoul
tolower
ungetc
vfprintf
time
wcslen
wcstombs
_stat
_utime
_fileno
_chmod
Exports
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 245KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 6.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 66B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/14 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/67 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/80 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/91 Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/102 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/4ck3rr.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66ab1b27ae40b_BotClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Certificate 26:18:1c:ed:f2:c1:13:e1:6a:c7:48:20:df:7a:38:a3
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 31-12-2015 00:00
Not After: 27-01-2017 23:59
Subject: CN=Samsung Electronics CO.\, LTD.,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR
Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature
Certificate 3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 10-12-2013 00:00
Not After: 09-12-2023 23:59
Subject: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 11-06-2015 00:00
Not After: 29-12-2020 23:59
Subject: CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 01-01-1997 00:00
Not After: 31-12-2020 23:59
Subject: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Certificate 7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 26:18:1c:ed:f2:c1:13:e1:6a:c7:48:20:df:7a:38:a3
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 31-12-2015 00:00
Not After: 27-01-2017 23:59
Subject: CN=Samsung Electronics CO.\, LTD.,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR
Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature
Certificate 3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 10-12-2013 00:00
Not After: 09-12-2023 23:59
Subject: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 11-06-2015 00:00
Not After: 29-12-2020 23:59
Subject: CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 01-01-1997 00:00
Not After: 31-12-2020 23:59
Subject: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Certificate 7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Signer 06:a8:46:88:ec:e8:80:3b:51:0a:58:f5:b4:e8:7d:ab:79:65:f5:f1:22:b1:93:03:cd:82:32:c2:95:bb:e9:b8
Actual PE Digest: 06:a8:46:88:ec:e8:80:3b:51:0a:58:f5:b4:e8:7d:ab:79:65:f5:f1:22:b1:93:03:cd:82:32:c2:95:bb:e9:b8
Digest Algorithm: sha256
PE Digest Matches: false
Signer a9:31:e0:2f:0b:b5:80:db:f3:ca:97:33:2c:e9:ec:6f:87:5d:4d:7b
Actual PE Digest: a9:31:e0:2f:0b:b5:80:db:f3:ca:97:33:2c:e9:ec:6f:87:5d:4d:7b
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Botsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66ab1b27ae40b_BotClient.exe5wDUFGqU3QeuQlEX.exe windows:6 windows x86 arch:x86
Imphash: b855a851b141e89d180e7702048417ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileA
GetLastError
GetFileAttributesA
DeleteFileA
CloseHandle
CreateThread
CreateProcessA
CreateDirectoryA
SetUnhandledExceptionFilter
ReadFile
WriteFile
Sleep
CreateFileW
FindClose
GetProcessHeap
MultiByteToWideChar
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcess
GetModuleFileNameA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
FlushFileBuffers
SetEndOfFile
SetStdHandle
OutputDebugStringW
GetTimeZoneInformation
QueryPerformanceCounter
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
SetFilePointerEx
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
GetFileSizeEx
HeapSize
advapi32
GetUserNameA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
RegCloseKey
shell32
ShellExecuteA
SHGetFolderPathA
ole32
CoCreateInstance
CoUninitialize
CoInitialize
ws2_32
send
socket
connect
WSAStartup
freeaddrinfo
setsockopt
WSAGetLastError
getaddrinfo
closesocket
WSACleanup
recv
Sections
.text Size: 439KB - Virtual size: 438KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66ae9b239854c_crypto.exe.exe windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
fastconverter.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66b09d7d34310_DefragManager.exe.exe windows:6 windows x86 arch:x86
Imphash: 30af0fe2c05b84c5732b235ff670af9b
Code Sign
Certificate
Serial: 48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 25-05-2021 00:00
Not After: 31-12-2028 23:59
Subject: CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Issuer: CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before: 22-03-2021 00:00
Not After: 21-03-2036 23:59
Subject: CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Issuer: CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Not Before: 03-11-2022 00:00
Not After: 02-11-2025 23:59
Subject: CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
Serial: 39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 03-05-2023 00:00
Not After: 02-08-2034 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
Serial: 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 25-05-2021 00:00
Not After: 31-12-2028 23:59
Subject: CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Issuer: CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before: 22-03-2021 00:00
Not After: 21-03-2036 23:59
Subject: CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Issuer: CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Not Before: 03-11-2022 00:00
Not After: 02-11-2025 23:59
Subject: CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
Serial: 39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 03-05-2023 00:00
Not After: 02-08-2034 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
Serial: 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
c2:91:46:6a:a6:bf:09:8b:53:fd:3d:54:99:7f:1d:0e:ac:d0:73:d7:79:40:85:b2:20:73:00:dc:15:3c:cf:4e
Actual PE Digest: c2:91:46:6a:a6:bf:09:8b:53:fd:3d:54:99:7f:1d:0e:ac:d0:73:d7:79:40:85:b2:20:73:00:dc:15:3c:cf:4e
Digest Algorithm: sha256
PE Digest Matches: false
Signer
7e:b0:d9:f1:a1:48:d8:54:5a:36:09:a2:2c:f0:c6:ff:61:75:f1:dd
Actual PE Digest: 7e:b0:d9:f1:a1:48:d8:54:5a:36:09:a2:2c:f0:c6:ff:61:75:f1:dd
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueueUserAPC
SetEvent
GlobalAlloc
CloseHandle
LocalFree
DeleteCriticalSection
WideCharToMultiByte
lstrcpyW
SleepEx
GetTempFileNameW
FormatMessageA
TerminateThread
CreateIoCompletionPort
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetLastError
FormatMessageW
Sleep
CreateEventW
PostQueuedCompletionStatus
WaitForSingleObject
FindClose
GetTempPathW
GetEnvironmentVariableW
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
CreateWaitableTimerW
lstrlenW
EnterCriticalSection
SetLastError
SetWaitableTimer
FindFirstFileW
CreateDirectoryW
GetModuleFileNameW
GetTimeZoneInformation
DeleteFileW
GetFileAttributesW
CreateFile2
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
CreateFileA
CreateFileW
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameW
ReadFile
WriteFile
PeekNamedPipe
GetExitCodeProcess
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CreatePipe
GetCurrentProcess
CreateProcessA
OpenProcess
GetProcAddress
LoadLibraryA
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleHandleW
InitializeCriticalSection
ReleaseSemaphore
GetExitCodeThread
CreateSemaphoreA
VirtualFree
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemTime
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
LoadLibraryW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleA
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
SetEndOfFile
SetFilePointer
LoadLibraryExA
ExpandEnvironmentStringsA
LockFileEx
UnlockFileEx
GetProcessTimes
FindFirstFileA
FindNextFileA
RaiseException
GetLocaleInfoEx
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
EncodePointer
DecodePointer
LCMapStringEx
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
ExitProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
SetStdHandle
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FlushFileBuffers
GetConsoleOutputCP
GetVersion
user32
GetSystemMetrics
GetCursorPos
MessageBoxA
ChangeDisplaySettingsW
DestroyIcon
CreateIcon
LoadCursorW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
EnumDisplaySettingsW
CreateWindowExA
DestroyWindow
ShowWindow
GetDC
ReleaseDC
TrackMouseEvent
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
RegisterDeviceNotificationW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
FlashWindowEx
SetWindowPos
GetKeyState
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRect
SetCursor
ScreenToClient
MapWindowPoints
ClipCursor
shell32
ShellExecuteW
ws2_32
WSAWaitForMultipleEvents
getpeername
shutdown
socket
setsockopt
listen
connect
closesocket
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
WSAResetEvent
htons
htonl
WSAGetLastError
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
WSACleanup
WSAStartup
inet_pton
inet_ntop
WSAEventSelect
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
sendto
inet_addr
recvfrom
bcrypt
BCryptGenRandom
shlwapi
PathFileExistsW
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CryptStringToBinaryW
CertOpenStore
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
winmm
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
joyGetPosEx
joyGetDevCapsW
gdi32
ChoosePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
DescribePixelFormat
advapi32
CryptGenRandom
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetHashParam
CryptHashData
CryptImportKey
CryptEncrypt
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
CryptReleaseContext
CryptCreateHash
DeregisterEventSource
opengl32
wglShareLists
wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
Sections
.text Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 475KB - Virtual size: 474KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 367KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66b1c36969eae_main.exe.exe windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
electrycsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/66b7a2aef1283_doz.exe.exe windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
drowsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/ChatLife.exe.exe windows:5 windows x86 arch:x86
Imphash: be41bf7b8cc010b614bd36bbca606973
Code Sign
Certificate
Serial: 0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01-08-2022 00:00
Not After: 09-11-2031 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23-03-2022 00:00
Not After: 22-03-2037 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29-04-2021 00:00
Not After: 28-04-2036 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14-07-2023 00:00
Not After: 13-10-2034 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
Serial: 09:be:bd:8f:ba:e0:11:98:c5:52:55:0b:a6:80:f1:7b
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 06-04-2023 00:00
Not After: 15-05-2025 23:59
Subject: CN=Kakao Corp.,O=Kakao Corp.,L=Jeju-si,ST=Jeju-do,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW
user32
GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 458KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 516KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
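Three signed entries on this page report "PE Digest Matches: false": the Botsoft.pdb binary above with its Samsung Electronics leaf, DefragManager.exe with its AOMEI International Network leaf, and ChatLife.exe with its Kakao Corp. leaf, for which no digest value is shown at all. A mismatch means the digest inside the PKCS#7 signature does not cover the bytes on disk: either the file was changed after it was signed, or a signature block was lifted from a genuinely signed file and appended to this one. In both cases the certificate chain says nothing about who built the file, and Windows will not treat it as validly signed. (The Samsung leaf also expired on 27-01-2017 and its Symantec/Thawte timestamping chain at the end of 2020, per the dates above.) Rather than take the sandbox's verdict on trust, recompute the Authenticode hash yourself. The Python below is an added example, not part of the report or the sandbox's tooling. It follows the Microsoft Authenticode PE hashing rules: hash the headers while skipping the CheckSum field and the Security data-directory entry, then each section in PointerToRawData order, then any overlay except the certificate table. It does not parse the PKCS#7 structure to pull out the signed digest; you pass in the digest to check, in the colon-separated form used on this page. build_sample_pe() constructs a toy PE32 image so the example runs offline; it is not one of the files from the report.

```python
"""Recompute a PE file's Authenticode digest and compare it with a reported value.

Added example following the Microsoft Authenticode PE hashing rules (the CheckSum
field, the Security data-directory entry and the certificate table are excluded).
"""
import hashlib
import hmac
import struct


def _u16(buf, off):
    return struct.unpack_from("<H", buf, off)[0]


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def pe_layout(pe):
    """Offsets of the fields Authenticode treats specially, plus the section list."""
    e_lfanew = _u32(pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff, opt = e_lfanew + 4, e_lfanew + 24       # COFF header, optional header
    magic = _u16(pe, opt)
    if magic == 0x10B:                            # PE32: data directories at +96
        dd = opt + 96
    elif magic == 0x20B:                          # PE32+: data directories at +112
        dd = opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    sec_dir = dd + 4 * 8                          # IMAGE_DIRECTORY_ENTRY_SECURITY
    sec_table = opt + _u16(pe, coff + 16)         # SizeOfOptionalHeader
    sections = []
    for i in range(_u16(pe, coff + 2)):           # NumberOfSections
        hdr = sec_table + 40 * i
        raw_size, raw_ptr = _u32(pe, hdr + 16), _u32(pe, hdr + 20)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    return {
        "checksum_off": opt + 64,
        "sec_dir": sec_dir,
        "size_of_headers": _u32(pe, opt + 60),
        "cert_off": _u32(pe, sec_dir),            # a file offset, not an RVA
        "cert_size": _u32(pe, sec_dir + 4),
        "sections": sorted(sections),             # spec: ascending PointerToRawData
    }


def authenticode_digest(pe, algorithm="sha256"):
    lay, h = pe_layout(pe), hashlib.new(algorithm)
    h.update(pe[:lay["checksum_off"]])                       # headers up to CheckSum
    h.update(pe[lay["checksum_off"] + 4:lay["sec_dir"]])     # skip CheckSum
    h.update(pe[lay["sec_dir"] + 8:lay["size_of_headers"]])  # skip Security entry
    hashed = lay["size_of_headers"]
    for raw_ptr, raw_size in lay["sections"]:
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    extra = len(pe) - hashed - lay["cert_size"]  # overlay, minus the cert table
    if extra > 0:
        h.update(pe[hashed:hashed + extra])
    return h.hexdigest()


def digest_matches(pe, reported):
    """Compare with a digest written the way the report prints it (aa:bb:cc:...)."""
    wanted = reported.replace(":", "").lower()
    algorithm = {40: "sha1", 64: "sha256"}.get(len(wanted))
    if algorithm is None:
        raise ValueError("digest length matches neither SHA-1 nor SHA-256")
    return hmac.compare_digest(authenticode_digest(pe, algorithm), wanted)


def build_sample_pe():
    """Constructed PE32 with one .text section and a placeholder WIN_CERTIFICATE."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 60, 0x200)                        # SizeOfHeaders
    struct.pack_into("<I", opt, 64, 0x12345678)                   # CheckSum (not hashed)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    blob = b"\x30\x0e" + b"\x00" * 14                            # stand-in, not real PKCS#7
    cert_table = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, len(cert_table))  # Security dir
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + bytes(range(256)) * 2 + cert_table           # 512 bytes of "code"
```

With a real file, `digest_matches(open(path, "rb").read(), "06:a8:46:88:...")` checks the report's sha256 row directly. On the constructed sample, flipping the CheckSum or a byte inside the certificate blob leaves the digest unchanged, while a single byte of .text changes it, which is exactly the property a digest mismatch on a real sample is telling you about. The overlay rule assumes the certificate table is the last thing in the file, as the specification does.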
-
saved from malware/Files/Crack.exe.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 10.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 7.6MB - Virtual size: 7.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6.6MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 201KB - Virtual size: 439KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/DelHosts.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 298KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 532KB - Virtual size: 531KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/DownSysSoft.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 540KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 341KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Downaqzh.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 492KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Downdd.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 298KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 532KB - Virtual size: 531KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Downggzh.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 563KB - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 839KB - Virtual size: 838KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Downty.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 563KB - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 841KB - Virtual size: 841KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
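The section tables above carry the strongest static signals on this page. Crack.exe, DelHosts.exe, Downdd.exe, Downggzh.exe and Downty.exe show the UPX layout: a UPX0 section with no bytes on disk but a large, writable and executable virtual range (the unpacking target), followed by a writable and executable UPX1 holding the compressed image; each is followed by an out.upx.exe entry with ordinary .text/.rdata/.data sections once the packer has been removed. Several of the packed samples lack IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE or NX_COMPAT, and DelHosts.exe and Downdd.exe also have IMAGE_FILE_RELOCS_STRIPPED: without DYNAMIC_BASE the loader does not randomize the image base, and with relocations stripped the image cannot be relocated at all. The three .NET samples (fastconverter.pdb, electrycsoft.pdb, drowsoft.pdb) import only mscoree!_CorExeMain, which is why they share the imphash f34d5f2d4577ed6d9ceec516c1f5a744; that value identifies "managed executable", not a code family, so imphash clustering says nothing about them. The .zero sections on doz.exe, ChatLife.exe, DownSysSoft.exe and Downaqzh.exe are non-standard names worth a look. The Python below is an added example, not part of the sandbox or its tooling: it parses one file entry in this page's text layout and emits those findings. SAMPLE_UPX and SAMPLE_DOTNET are trimmed copies of the Crack.exe and doz.exe entries above.

```python
"""Triage findings from the header/import/section tables of one report entry.

Added example: parses the text layout used on this page and flags the packer
and hardening signals a reviewer looks for first.
"""
import re
from dataclasses import dataclass, field

SIZE_RE = re.compile(r"^(\S+) Size:(?: (\S+))? - Virtual size:(?: (\S+))?$")
UNITS = {"B": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}
HEADINGS = {"Headers", "Imports", "Sections", "Code Sign", "PDB Paths"}
STANDARD = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
            ".pdata", ".bss", ".tls", ".sdata", ".ndata", ".xdata", ".CRT"}


def parse_size(token):
    """'5.8MB' -> bytes; a missing raw size (printed as 'Size: -') -> 0."""
    if not token:
        return 0
    m = re.fullmatch(r"([0-9.]+)(B|KB|MB|GB)", token)
    if not m:
        raise ValueError(f"unrecognised size {token!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


@dataclass
class Section:
    name: str
    raw: int
    virtual: int
    flags: set = field(default_factory=set)


@dataclass
class FileEntry:
    name: str
    header_flags: set = field(default_factory=set)
    imports: list = field(default_factory=list)
    sections: list = field(default_factory=list)


def parse_entry(text):
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    entry, mode, current = FileEntry(name=lines[0]), None, None
    for line in lines[1:]:
        if line in HEADINGS:
            mode, current = line, None
        elif mode == "Headers" and line.startswith("IMAGE_"):
            entry.header_flags.add(line)
        elif mode == "Imports":
            entry.imports.append(line)
        elif mode == "Sections":
            m = SIZE_RE.match(line)
            if m:
                current = Section(m.group(1), parse_size(m.group(2)), parse_size(m.group(3)))
                entry.sections.append(current)
            elif current is not None and line.startswith("IMAGE_SCN_"):
                current.flags.add(line)
    return entry


def analyze(text):
    """Return the findings for one file entry, in the order they are checked."""
    e, out = parse_entry(text), []
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in e.header_flags:
        out.append("no DYNAMIC_BASE: image does not opt in to ASLR")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in e.header_flags:
        out.append("no NX_COMPAT: image does not opt in to DEP")
    if e.imports == ["mscoree", "_CorExeMain"]:
        out.append("managed (.NET) image: native imports and imphash carry no signal")
    for s in e.sections:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.flags:
            out.append(f"{s.name}: writable and executable (RWX)")
        if s.name.upper().startswith("UPX"):
            out.append(f"{s.name}: UPX packer section name")
        elif s.name not in STANDARD:
            out.append(f"{s.name}: non-standard section name")
        if "IMAGE_SCN_MEM_EXECUTE" in s.flags and s.raw == 0 and s.virtual > 0:
            out.append(f"{s.name}: executable with no data on disk "
                       f"({s.virtual} bytes virtual), typical unpacking target")
        elif s.raw and s.virtual >= 8 * s.raw:
            out.append(f"{s.name}: virtual size {s.virtual} is at least 8x raw size {s.raw}")
    return out


# Trimmed copies of two entries from the report above.
SAMPLE_UPX = """\
Crack.exe.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
Sections
UPX0 Size: - Virtual size: 10.1MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
"""

SAMPLE_DOTNET = """\
66b7a2aef1283_doz.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
"""
```

Running `analyze(SAMPLE_UPX)` yields five findings (UPX0 is RWX, carries a packer name and has no bytes on disk; UPX1 is RWX with a packer name), while `analyze(SAMPLE_DOTNET)` yields the missing DYNAMIC_BASE, the managed-image note and the .zero section. The 8x raw-to-virtual ratio is a heuristic threshold chosen for this example; the .data section of ChatLife.exe above (512B on disk, 458KB virtual) trips it, as NSIS stubs do.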
-
saved from malware/Files/JQMain.exe.exe windows:5 windows x86 arch:x86
Imphash: 052a42c495a0aeaeca141d0e9c942b5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\VCtest\Projects\NEWGZXTEST\GZX\Release\JQMain.pdb
Imports
mfc140u
kernel32
SetWaitableTimer
WideCharToMultiByte
SetEvent
CreateToolhelp32Snapshot
CreateProcessA
LockResource
GetTickCount
CreateWaitableTimerA
CloseHandle
LoadResource
FindResourceW
Process32FirstW
OpenFileMappingW
UnmapViewOfFile
Process32NextW
OpenProcess
MapViewOfFile
CreateFileMappingA
CreateEventA
CreateDirectoryA
WritePrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
VirtualProtect
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
SizeofResource
CancelWaitableTimer
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
VirtualQuery
GetLastError
GetTempPathA
CreateFileW
DeviceIoControl
Sleep
CreateFileA
GetVolumeInformationA
OutputDebugStringW
CreateMutexW
GetFileAttributesA
GetPrivateProfileStringW
GetPrivateProfileIntA
GetPrivateProfileIntW
TerminateThread
WritePrivateProfileStringA
CreateThread
GetPrivateProfileStringA
GlobalSize
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CreateEventW
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
LoadLibraryW
user32
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
GetWindowRect
GetParent
MoveWindow
UpdateWindow
GetWindow
GetDesktopWindow
AppendMenuW
IsWindowVisible
GetWindowTextA
SendMessageA
GetWindowTextW
OpenClipboard
GetClipboardData
CloseClipboard
GetSystemMenu
PostMessageA
GetCursorPos
GetSubMenu
LoadMenuW
MessageBoxW
LoadIconW
MessageBoxA
EnableWindow
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
SetWindowLongA
CallWindowProcW
GetWindowThreadProcessId
SendMessageW
advapi32
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenSCManagerA
OpenServiceA
DeleteService
CreateServiceA
StartServiceA
ControlService
shell32
ShellExecuteW
SHFileOperationW
DragQueryFileA
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetSpecialFolderPathW
comctl32
InitCommonControlsEx
shlwapi
StrCmpW
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
ws2_32
shutdown
WSAStartup
WSASocketW
select
WSAGetLastError
closesocket
inet_ntoa
ioctlsocket
gethostbyname
inet_addr
WSASend
WSARecv
WSAIoctl
setsockopt
connect
bind
htons
plfl32
P_UserReg
P_GetDataValue
P_GetLoginValue
P_UserLogin
P_LoadSystem
P_CardReCharge
psapi
GetProcessImageFileNameA
wininet
InternetReadFile
InternetOpenUrlA
InternetOpenW
InternetCloseHandle
iphlpapi
GetAdaptersInfo
vcruntime140
__std_terminate
memmove
memchr
strstr
memset
__CxxFrameHandler3
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
_CxxThrowException
memcpy
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vfprintf
fopen
fwrite
fclose
__stdio_common_vsprintf_s
feof
fgets
_set_fmode
__p__commode
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
remove
_access
api-ms-win-crt-string-l1-1-0
strtok
toupper
api-ms-win-crt-runtime-l1-1-0
_configure_wide_argv
_initterm
_initterm_e
_exit
_beginthreadex
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_set_app_type
_initialize_onexit_table
system
_c_exit
_initialize_wide_environment
_register_onexit_function
_crt_atexit
terminate
_controlfp_s
_cexit
_seh_filter_exe
exit
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
api-ms-win-crt-convert-l1-1-0
_wtol
atoll
_wtoll
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/L.exe.exe windows:6 windows x86 arch:x86
08b1b12afb6e1cdcf5adc795ee884ca6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CreateMutexW
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetProcessVersion
GetSystemDirectoryW
GlobalLock
GlobalUnlock
ole32
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
user32
CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
Sections
.text Size: 257KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/M5traider.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
mentorship_and_software_support.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Meredrop.exe.exe windows:6 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
LoadLi Size: 4KB - Virtual size: 1830.1MB
Size: 140KB - Virtual size: 4B
���� Size: - Virtual size:
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
-
saved from malware/Files/PXHMAIN.exe.exe windows:5 windows x86 arch:x86
af336d68081186dd2f182d0abf3f6e86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\VCtest\Projects\SpeedNEWdrPXH\Release\PXHMAIN.pdb
Imports
mfc140u
kernel32
GetLastError
GetTempPathA
CreateThread
Process32NextW
TerminateProcess
CloseHandle
Sleep
TerminateThread
SetSystemTime
OutputDebugStringW
CreateFileA
UnmapViewOfFile
SystemTimeToTzSpecificLocalTime
VirtualQuery
FileTimeToSystemTime
GetProcessTimes
OpenProcess
MapViewOfFile
OpenFileMappingW
Process32FirstW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
WideCharToMultiByte
CreateMutexW
DeviceIoControl
GetVolumeInformationA
VirtualProtect
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetCurrentProcess
GetPrivateProfileIntW
GetLocalTime
GetPrivateProfileStringA
CreateProcessA
GetFileSize
ReadFile
GetFileAttributesW
GetModuleHandleW
GetCurrentProcessId
CreateEventA
CreateFileMappingA
SetEvent
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CreateEventW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
LeaveCriticalSection
GetTickCount
user32
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
SendMessageA
GetWindowTextW
LoadMenuW
GetSubMenu
GetCursorPos
GetDesktopWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
EnableWindow
GetWindow
UpdateWindow
MoveWindow
GetParent
GetWindowRect
DrawIcon
GetClientRect
IsIconic
GetSystemMetrics
AppendMenuW
GetSystemMenu
SetDlgItemTextW
PostMessageA
SendMessageW
LoadIconW
advapi32
RegQueryValueExA
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegSetValueExW
RegCreateKeyExW
shell32
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileA
SHGetFolderPathA
SHGetSpecialFolderPathA
comctl32
InitCommonControlsEx
ImageList_ReplaceIcon
shlwapi
StrCmpW
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
ws2_32
ntohl
closesocket
gethostbyname
inet_ntoa
htonl
WSASocketW
bind
WSAIoctl
setsockopt
WSASend
ioctlsocket
connect
select
shutdown
WSAStartup
WSAGetLastError
htons
WSARecv
inet_addr
plfl32
P_UserReg
P_GetLoginValue
P_UserLogin
P_LoadSystem
P_CardReCharge
wininet
InternetReadFile
InternetOpenW
InternetCloseHandle
InternetOpenUrlA
psapi
GetProcessImageFileNameA
iphlpapi
GetAdaptersInfo
vcruntime140
__std_terminate
memmove
strstr
memset
__CxxFrameHandler3
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
_CxxThrowException
memcpy
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
terminate
system
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_controlfp_s
exit
_beginthreadex
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
strtok
toupper
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
_mktime64
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
fopen
fwrite
fclose
api-ms-win-crt-filesystem-l1-1-0
remove
_access
api-ms-win-crt-convert-l1-1-0
atoll
_wtol
_wtoi
_wtoll
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/Project_8.exe.exe windows:6 windows x86 arch:x86
1a5e4ddad4ba385b765de613acbb20f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
lstrlenA
GetModuleHandleExW
ExitProcess
Sleep
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetLastError
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
msvcrt
_msize
?terminate@@YAXXZ
realloc
_errno
_wcmdln
__wgetmainargs
__set_app_type
_XcptFilter
free
_controlfp_s
strcat_s
strcpy_s
__p__commode
_set_fmode
_initterm_e
_initterm
_except_handler4_common
memset
?_set_new_mode@@YAHH@Z
__CxxFrameHandler3
_amsg_exit
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gehcont Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lSeoPnV Size: 273KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/SvCpJuhbT.exe.exe windows:6 windows x64 arch:x64
f0ea7b7844bbc5bfa9bb32efdcea957c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
Sections
.text Size: 732KB - Virtual size: 731KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 894KB - Virtual size: 893KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 104KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/a.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/aaa.exe.exe windows:5 windows x86 arch:x86
d4aa9ed1c24f35a9649cb4146576e0ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcr90
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
memset
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
srand
rand
mbstowcs
mpr
WNetAddConnection2W
WNetCancelConnectionW
ws2_32
WSAStartup
inet_addr
ioctlsocket
select
htons
socket
closesocket
gethostbyname
connect
wininet
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
shlwapi
PathFindFileNameW
urlmon
URLDownloadToFileW
kernel32
GetModuleFileNameW
CopyFileW
Sleep
WriteFile
GetTickCount
CreateProcessW
ExitProcess
DeleteFileW
CreateThread
ExpandEnvironmentStringsW
InterlockedExchange
CreateFileW
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetLastError
CreateMutexA
InterlockedCompareExchange
CloseHandle
user32
wsprintfA
wsprintfW
advapi32
OpenSCManagerW
CloseServiceHandle
CreateServiceW
StartServiceA
shell32
ShellExecuteW
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/abc.exe.exe windows:4 windows x86 arch:x86
481f47bbb2c9c21e108d65f52b04c448
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_iob
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
wcsncmp
_close
wcslen
wcscpy
strerror
modf
strspn
realloc
__p__environ
__p__wenviron
_errno
free
strncmp
strstr
strncpy
_ftol
qsort
fopen
perror
fclose
fflush
calloc
malloc
signal
printf
_isctype
atoi
exit
__mb_cur_max
_pctype
strchr
fprintf
_controlfp
_strdup
_strnicmp
kernel32
PeekNamedPipe
ReadFile
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileType
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
advapi32
FreeSid
AllocateAndInitializeSid
wsock32
getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
closesocket
select
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError
ws2_32
WSARecv
WSASend
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/amadey.exe.exe windows:6 windows x86 arch:x86
dc5e346c01606ee3d3aee4549b4acd39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Mktmp\Amadey\Release\Amadey.pdb
Imports
kernel32
Sleep
GetTempPathA
GetLastError
GetFileAttributesA
CreateFileA
CloseHandle
GetSystemInfo
CreateThread
GetThreadContext
SetCurrentDirectoryA
VirtualAllocEx
RemoveDirectoryA
ReadProcessMemory
CreateProcessA
CreateDirectoryA
SetThreadContext
ReadConsoleW
SetEndOfFile
HeapSize
SetFilePointerEx
GetModuleHandleA
ResumeThread
GetComputerNameExW
GetVersionExW
CreateMutexA
PeekNamedPipe
VirtualAlloc
WriteFile
VirtualFree
WriteProcessMemory
GetModuleFileNameA
GetProcAddress
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
HeapAlloc
HeapFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
WriteConsoleW
user32
GetSystemMetrics
ReleaseDC
GetDC
gdi32
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt
advapi32
RegCloseKey
RegGetValueA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
LookupAccountNameA
RegSetValueExA
RegOpenKeyExA
GetSidIdentifierAuthority
shell32
SHGetFolderPathA
ShellExecuteA
ord680
SHFileOperationA
wininet
HttpOpenRequestA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestExA
HttpAddRequestHeadersA
HttpEndRequestA
InternetOpenW
InternetOpenUrlA
InternetWriteFile
gdiplus
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/build_2024-07-27_00-41.exe.exe windows:5 windows x86 arch:x86
227c2d4ce0274b95ccaadb855c19748d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalCompact
EnumCalendarInfoW
SetEnvironmentVariableW
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
EnumResourceTypesA
GetConsoleCP
GlobalAlloc
SetFileShortNameW
LoadLibraryW
IsProcessInJob
FatalAppExitW
AssignProcessToJobObject
IsBadCodePtr
ReplaceFileW
GetModuleFileNameW
GetSystemDirectoryA
CreateFileW
GlobalUnlock
CreateJobObjectA
GetLastError
SetEndOfFile
VerLanguageNameW
LoadLibraryA
SetConsoleCtrlHandler
AddAtomW
HeapWalk
GetOEMCP
EnumDateFormatsA
GetModuleHandleA
GetProcessShutdownParameters
EnumResourceNamesA
GetFileTime
PeekConsoleInputA
GetDiskFreeSpaceExA
LCMapStringW
HeapSize
FlushFileBuffers
GetStringTypeW
WriteConsoleInputW
FindVolumeClose
GetProcAddress
HeapCompact
WriteConsoleW
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
MultiByteToWideChar
ReadFile
GetModuleHandleW
ExitProcess
SetFilePointer
HeapCreate
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleMode
GetCPInfo
GetACP
IsValidCodePage
Sleep
RtlUnwind
SetStdHandle
IsProcessorFeaturePresent
CloseHandle
user32
GetMenu
CharUpperBuffW
SetCaretPos
GetMessageExtraInfo
DrawStateW
GetSysColorBrush
gdi32
GetCharWidthI
CreateDCA
GetCharABCWidthsI
winhttp
WinHttpOpen
msimg32
AlphaBlend
Sections
.text Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 32.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sarivi Size: 1024B - Virtual size: 723B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.sivopod Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/clear.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 298KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/cmd/pocketrar.chm.chm
-
saved from malware/Files/cmd/rar.ini
-
saved from malware/Files/cmd/rar.ppc_arm.cab.cab
-
saved from malware/Files/cmd/uninstall.exe.exe windows:4 windows x86 arch:x86
e5d29e6665d4ae72a2942abbe17a361c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
kernel32
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
ExitProcess
FormatMessageA
GetCommandLineA
GetEnvironmentVariableA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
GetVersionExA
LocalFree
MultiByteToWideChar
RemoveDirectoryA
SetCurrentDirectoryA
Sleep
WriteFile
lstrcatA
lstrcpyA
lstrlenA
shell32
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA
user32
LoadStringA
MessageBoxA
wsprintfA
ole32
CoCreateInstance
OleInitialize
OleUninitialize
Sections
.text Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/cmd/whatsnew.htm.html
-
saved from malware/Files/ds.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/firefox.exe.exe windows:6 windows x86 arch:x86
Code Sign
0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
10-11-2006 00:00
Not After
10-11-2031 00:00
Subject
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
22-10-2013 12:00
Not After
22-10-2028 12:00
Subject
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fd
Certificate
Issuer
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
09-04-2021 00:00
Not After
19-06-2024 23:59
Subject
CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7e:89:b9:df:00:6b:d1:aa:4c:48:d8:65:03:96:34:ca
Certificate
Issuer
CN=Dummy
Not Before
01-01-2013 07:00
Not After
02-01-2013 07:00
Subject
CN=Dummy
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
23-03-2022 00:00
Not After
22-03-2037 23:59
Subject
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
01-08-2022 00:00
Not After
09-11-2031 23:59
Subject
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate
Issuer
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before
21-09-2022 00:00
Not After
21-11-2033 23:59
Subject
CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
31:4a:e2:c1:8c:6c:80:e5:cd:b9:5a:c2:3e:3c:fe:42:f3:c4:de:af:25:a6:33:af:5c:c6:82:12:35:5e:ff:9d
Signer
Actual PE Digest
31:4a:e2:c1:8c:6c:80:e5:cd:b9:5a:c2:3e:3c:fe:42:f3:c4:de:af:25:a6:33:af:5c:c6:82:12:35:5e:ff:9d
Digest Algorithm
sha256
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 208KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/guardservice.exe.exe windows:4 windows x86 arch:x86
7c0a45853a19590104720910cc56837f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
GetCurrentDirectoryW
OpenProcess
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LocalFree
TerminateProcess
GlobalAlloc
GetTickCount
GetProcessHeap
HeapAlloc
RtlMoveMemory
HeapFree
WaitForSingleObject
lstrcpyn
Process32Next
lstrcatA
CloseHandle
Process32First
LocalAlloc
CreateToolhelp32Snapshot
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
RtlUnwind
ExitProcess
GetCommandLineA
GetStartupInfoA
CloseHandle
GlobalFree
GlobalUnlock
GlobalLock
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
WriteFile
SetFilePointer
HeapFree
HeapAlloc
GetLastError
GetCurrentProcess
GetVersionExA
GetDriveTypeA
TerminateProcess
GetProcAddress
GetModuleHandleA
Sleep
FreeLibrary
lstrcpyA
LoadLibraryA
lstrlenA
MultiByteToWideChar
GlobalAlloc
SetLastError
lstrcatA
HeapReAlloc
GetTimeZoneInformation
GetVersion
GetCurrentThreadId
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FlushFileBuffers
lstrcpynA
GetFullPathNameA
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
user32
GetWindowThreadProcessId
GetClassNameA
GetWindowTextLengthW
GetWindowTextW
CallWindowProcA
IsWindowVisible
GetParent
GetInputState
FindWindowExA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
DestroyMenu
GetSystemMetrics
GetWindowRect
SendMessageA
GetClassNameA
wsprintfA
ReleaseDC
GetDC
SystemParametersInfoA
GetDlgItem
SetWindowLongA
GetWindowTextA
GetWindowLongA
PtInRect
GetWindow
GetParent
PostQuitMessage
PostMessageA
EnableWindow
MessageBoxA
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
PeekMessageA
CallNextHookEx
GetKeyState
DispatchMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
msvcrt
strlen
shell32
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
odbc32
SQLDisconnect
SQLDriverConnect
SQLSetStmtAttr
SQLFetchScroll
SQLGetData
SQLDescribeCol
SQLFreeHandle
SQLPrepare
SQLEndTran
SQLGetConnectAttr
SQLGetDiagRec
SQLBrowseConnect
SQLExecDirect
SQLBindParameter
SQLNumResultCols
SQLRowCount
SQLSetEnvAttr
SQLAllocHandle
SQLSetConnectAttr
SQLExecute
ntdll
NtQueryInformationProcess
sprintf
advapi32
DeleteService
EnumDependentServicesA
StartServiceA
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
QueryServiceConfigA
CreateServiceA
GetServiceKeyNameA
QueryServiceConfig2A
ControlService
EnumServicesStatusExA
ChangeServiceConfigA
GetServiceDisplayNameA
ChangeServiceConfig2A
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegDeleteValueA
wininet
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetConnectA
FtpFindFirstFileA
FtpOpenFileA
InternetSetFilePointer
InternetOpenUrlA
wmvert
wm_WriteFile
wm_StrComp
wm_InStr
wm_DoEvents
wm_Space
wm_SpaceBin
wm_GetBinData
wm_ReadFile
wm_BinLen
wm_BOr
wm_CnvToBin
wm_MkDir
wm_ObjClear
wm_ObjCreateObject
wm_ObjCopy
wm_TimePart
wm_ObjRunMethod
wm_ObjSetProperty
wm_Len
wm_RpSubText
wm_Now
wm_Sleep
wm_Split
wm_VariantSet
wm_ObjGetProperty
wm_IsFileExist
wm_Str
wm_SaveRegItem
wm_IsRegItemExist
wm_GetRunPath
wm_GetRunFileName
wm_pbin
wm_VariantGetBin
wm_VariantClear
wm_ObjGetTextProperty
wm_ObjGetNumProperty
wm_Trim
wm_Right
wm_Left
wm_Mid
wm_Asc
wm_UCase
wm_Mod
wm_SHR
wm_BAnd
wm_SHL
wm_ToByte
wm_InStrRev
wm_Chr
wm_BinMid
wm_SetVariantType
wm_VariantCreateArray
wm_ObjRunTextMethod
wm_RunVariantMethod
wm_pstr
wm_ZeroAry
wm_GetTickCount
wm_BinLeft
wm_Open
wm_SeekToEnd
wm_Close
wm_WriteBin
wm_ToInt
wm_NotifySys
wm_CreateWindowFromTemplate
gdi32
GetStockObject
GetDeviceCaps
SelectObject
DeleteDC
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
comctl32
ord17
Sections
.text Size: 164KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/m.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/mimikatz.exe.exe windows:5 windows x86 arch:x86
ff6abb25b3369620afef1dacd4a21f4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptDuplicateKey
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
SystemFunction007
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CopySid
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SystemFunction033
SystemFunction032
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
OpenServiceW
BuildSecurityDescriptorW
QueryServiceObjectSecurity
StartServiceW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
IsTextUnicode
OpenProcessToken
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
DuplicateTokenEx
CheckTokenMembership
CryptSetProvParam
CryptEnumProvidersW
ConvertStringSidToSidW
LsaFreeMemory
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetThreadToken
CryptEnumProviderTypesW
SystemFunction006
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
SystemFunction001
CryptDeriveKey
SystemFunction005
LsaQueryTrustedDomainInfoByName
CryptSignHashW
LsaSetSecret
SystemFunction023
LsaOpenSecret
LsaQuerySecret
LsaRetrievePrivateData
LsaEnumerateTrustedDomainsEx
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
LookupPrivilegeNameW
OpenThreadToken
EqualSid
CredFree
CredEnumerateW
SystemFunction026
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction027
SystemFunction041
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
A_SHAFinal
A_SHAInit
A_SHAUpdate
cabinet
ord11
ord14
ord10
ord13
crypt32
CryptSignAndEncodeCertificate
CertEnumSystemStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryW
CertSetCertificateContextProperty
PFXExportCertStoreEx
CryptUnprotectData
CryptBinaryToStringW
CryptBinaryToStringA
CryptExportPublicKeyInfo
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertFindCertificateInStore
CertGetCertificateContextProperty
CertGetNameStringW
CryptEncodeObject
CryptProtectData
CryptQueryObject
cryptdll
MD5Update
MD5Final
CDLocateCSystem
MD5Init
CDLocateCheckSum
CDGenerateRandomBits
dnsapi
DnsFree
DnsQuery_A
fltlib
FilterFindFirst
FilterFindNext
mpr
WNetCancelConnection2W
WNetAddConnection2W
netapi32
NetStatisticsGet
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
DsEnumerateDomainTrustsW
NetShareEnum
NetWkstaUserEnum
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge
odbc32
ord75
ord9
ord43
ord24
ord31
ord111
ord141
ord13
ole32
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
VariantInit
SysFreeString
VariantClear
rpcrt4
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
RpcBindingInqAuthClientW
RpcBindingSetOption
RpcImpersonateClient
RpcStringFreeW
RpcRevertToSelf
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeFree2
NdrMesTypeEncode2
RpcServerUnregisterIfEx
I_RpcBindingInqSecurityContext
RpcServerInqBindings
RpcServerListen
RpcMgmtWaitServerListen
RpcEpRegisterW
RpcMgmtStopServerListening
RpcBindingToStringBindingW
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
UuidToStringW
RpcServerUseProtseqEpW
RpcEpUnregister
NdrServerCall2
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcBindingSetObject
RpcBindingSetAuthInfoW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
I_RpcGetCurrentCallHandle
shlwapi
UrlUnescapeW
PathIsDirectoryW
PathFindFileNameW
PathIsRelativeW
PathCombineW
PathCanonicalizeW
samlib
SamEnumerateAliasesInDomain
SamQueryInformationUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupDomainInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamConnect
SamSetInformationUser
SamiChangePasswordUser
SamEnumerateGroupsInDomain
SamGetGroupsForUser
SamGetMembersInGroup
SamGetMembersInAlias
SamRidToSid
SamGetAliasMembership
SamOpenGroup
SamOpenAlias
secur32
FreeContextBuffer
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
QueryContextAttributesW
InitializeSecurityContextW
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
FreeCredentialsHandle
DeleteSecurityContext
LsaCallAuthenticationPackage
LsaConnectUntrusted
shell32
CommandLineToArgvW
user32
SetClipboardViewer
DefWindowProcW
GetClipboardSequenceNumber
OpenClipboard
CreateWindowExW
ChangeClipboardChain
RegisterClassExW
TranslateMessage
EnumClipboardFormats
PostMessageW
DispatchMessageW
GetKeyboardLayout
IsCharAlphaNumericW
SendMessageW
UnregisterClassW
GetMessageW
DestroyWindow
CloseClipboard
GetClipboardData
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
hid
HidD_GetFeature
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_SetFeature
HidD_FreePreparsedData
HidD_GetAttributes
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
winscard
SCardControl
SCardTransmit
SCardDisconnect
SCardGetAttrib
SCardEstablishContext
SCardFreeMemory
SCardListReadersW
SCardReleaseContext
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardConnectW
winsta
WinStationCloseServer
WinStationOpenServerW
WinStationFreeMemory
WinStationConnectW
WinStationQueryInformationW
WinStationEnumerateW
wldap32
ord145
ord36
ord208
ord41
ord73
ord310
ord13
ord77
ord142
ord54
ord309
ord79
ord304
ord301
ord127
ord26
ord167
ord147
ord27
ord88
ord157
ord14
ord122
ord140
ord203
ord69
ord139
ord97
ord223
ord12
ord113
ord224
ord96
ord133
msasn1
ASN1_CreateEncoder
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CloseDecoder
ASN1_CreateModule
ntdll
RtlIpv6AddressToStringW
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlGUIDFromString
RtlStringFromGUID
NtCompareTokens
RtlGetNtVersionNumbers
RtlEqualString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
NtQueryDirectoryObject
NtResumeProcess
NtOpenDirectoryObject
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
NtQuerySystemEnvironmentValueEx
NtSetSystemEnvironmentValueEx
NtEnumerateSystemEnvironmentValuesEx
RtlIpv4AddressToStringW
kernel32
SystemTimeToFileTime
lstrlenA
GetDateFormatW
GetSystemTimeAsFileTime
ClearCommError
CreateRemoteThread
WaitForSingleObject
CreateProcessW
SetConsoleOutputCP
GetConsoleOutputCP
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualProtect
InterlockedExchange
SetFilePointerEx
GetProcessId
GetComputerNameW
ProcessIdToSessionId
VirtualAllocEx
VirtualProtectEx
VirtualAlloc
SetLastError
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
GetComputerNameExW
DeviceIoControl
DuplicateHandle
OpenProcess
GetCurrentProcess
ExpandEnvironmentStringsW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
DeleteFileA
GetTempPathA
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetTempFileNameA
SetFilePointer
CreateFileA
FileTimeToDosDateTime
CreateThread
LocalFree
CloseHandle
LocalAlloc
GetLastError
CreateFileW
ReadFile
Sleep
TerminateThread
WriteFile
FileTimeToSystemTime
GetTimeFormatW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
FormatMessageW
GetVersionExW
WideCharToMultiByte
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetSystemTime
AreFileApisANSI
ExitProcess
ExitThread
RaiseException
SetConsoleCtrlHandler
SetConsoleTitleW
SetFileAttributesW
GlobalSize
SetHandleInformation
CreatePipe
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetSystemDirectoryW
SetConsoleCursorPosition
GetTimeZoneInformation
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
IsWow64Process
SetCurrentDirectoryW
GetCurrentThread
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleHandleA
GetCurrentThreadId
PurgeComm
msvcrt
calloc
__set_app_type
_lseeki64
wctomb
__setusermatherr
isspace
mbtowc
__mb_cur_max
_itoa
isleadbyte
isxdigit
localeconv
_snprintf
__p__fmode
ferror
iswctype
wcstombs
?terminate@@YAXXZ
_write
_isatty
ungetc
_controlfp
__badioinfo
__pioinfo
__p__commode
_read
isdigit
strrchr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
_errno
free
_wcsdup
_vsnprintf
_except_handler3
_wcsicmp
vfwprintf
_vscwprintf
fflush
_wfopen
wprintf
_fileno
_iob
vwprintf
_setmode
fclose
_stricmp
wcsrchr
wcschr
wcsstr
strtoul
_wcsnicmp
_vscprintf
memmove
strncmp
malloc
_msize
strcspn
realloc
fgetws
wcstoul
strchr
wcstol
wcsncmp
_wcstoui64
towupper
_wpgmptr
strstr
_strcmpi
strtol
getchar
memset
memcpy
__wgetmainargs
Sections
.text Size: 628KB - Virtual size: 627KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/nc.exe.exe windows:4 windows x86 arch:x86
09d0478591d4f788cb3e5ea416c25237
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Sections
.text Size: 27KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/newtpp.exe.exe windows:5 windows x86 arch:x86
e3b708193fe03ba1bfd096b4ae42f3b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
_vscprintf
srand
rand
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/npp.exe.exe windows:5 windows x86 arch:x86
7fda7734b056db13fe95f35927509e47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
msvcr90
__set_app_type
?terminate@@YAXXZ
_unlock
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
srand
rand
memset
__dllonexit
_crt_debugger_hook
wininet
InternetOpenA
InternetOpenUrlA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
urlmon
URLDownloadToFileW
kernel32
SetUnhandledExceptionFilter
GetStartupInfoA
GetTickCount
ExpandEnvironmentStringsW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
CreateProcessW
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
user32
wsprintfW
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 510B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/nxmr.exe.exe windows:4 windows x64 arch:x64
f7505c167603909b7180406402fef19e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLastError
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
RaiseException
ReleaseSemaphore
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
msvcrt
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
fputc
fputs
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
signal
strcmp
strerror
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 6KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/o.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/pei.exe.exe windows:5 windows x86 arch:x86
7fda7734b056db13fe95f35927509e47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
msvcr90
__set_app_type
?terminate@@YAXXZ
_unlock
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
srand
rand
memset
__dllonexit
_crt_debugger_hook
wininet
InternetOpenA
InternetOpenUrlA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
urlmon
URLDownloadToFileW
kernel32
SetUnhandledExceptionFilter
GetStartupInfoA
GetTickCount
ExpandEnvironmentStringsW
CreateFileW
WriteFile
CloseHandle
DeleteFileW
CreateProcessW
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
user32
wsprintfW
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 510B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/peinf.exe.exe windows:5 windows x86 arch:x86
fb0ee5bafbb99ce467989526f0be15c6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathCombineW
StrCmpNW
msvcr90
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcsstr
memcpy
memset
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
ExitThread
FindFirstFileW
lstrcmpW
FindNextFileW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
GetFileSize
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CreateFileW
CloseHandle
CreateThread
ExitProcess
GetLastError
CreateMutexA
Sleep
user32
CharLowerW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ole32
CoInitializeEx
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 650B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/pered.exe.exe windows:5 windows x64 arch:x64
a6cec5b1a631d592d80900ab7e1de8df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
comctl32
ord380
kernel32
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
advapi32
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
gdi32
SelectObject
DeleteObject
CreateFontIndirectW
Sections
.text Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/pi.exe.exe windows:5 windows x86 arch:x86
2ffdf0a1519d1adada787fd4df5a5fec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
recvfrom
setsockopt
sendto
send
recv
WSAStartup
ioctlsocket
bind
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAEnumNetworkEvents
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEventSelect
WSAGetOverlappedResult
WSAWaitForMultipleEvents
getpeername
accept
WSACreateEvent
WSASocketA
listen
shlwapi
PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
StrStrW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
InternetOpenUrlW
InternetOpenUrlA
HttpQueryInfoA
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpAddRequestHeadersA
ntdll
memcpy
_chkstk
_aulldiv
RtlUnwind
memmove
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
strstr
isdigit
isalpha
_allshl
_aullshr
memset
msvcrt
rand
srand
_vscprintf
kernel32
GetLastError
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetSystemInfo
PostQueuedCompletionStatus
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
MoveFileA
MoveFileW
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
user32
TranslateMessage
RegisterClassExW
wsprintfW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wsprintfA
wvsprintfA
GetWindowLongW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer
advapi32
RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/pimer_bbbcontents7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
pimer.bbbcontents7.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 506B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/pocketrar350sc.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 84KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 43KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lif Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/pp.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/ps.exe.exe windows:6 windows x86 arch:x86
c8bf48e03c8c37268b47f1d2591aa6fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ConnectNamedPipe
GetComputerNameW
CreateThread
CloseHandle
GetCurrentThread
GetLastError
CreateEventW
GetSystemDirectoryW
WaitForSingleObject
CreateNamedPipeW
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
advapi32
OpenThreadToken
AdjustTokenPrivileges
RevertToSelf
SetTokenInformation
LookupPrivilegeNameW
CreateProcessWithTokenW
OpenProcessToken
ImpersonateNamedPipeClient
InitializeSecurityDescriptor
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
GetTokenInformation
rpcrt4
UuidCreate
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
UuidToStringW
RpcBindingFromStringBindingW
NdrClientCall2
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
vcruntime140
memset
__current_exception_context
__current_exception
_except_handler4_common
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfwprintf
__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vswprintf
fflush
api-ms-win-crt-string-l1-1-0
_wcsicmp
api-ms-win-crt-convert-l1-1-0
wcstoul
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_initterm_e
_set_app_type
_cexit
_seh_filter_exe
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_configure_wide_argv
_initterm
_exit
_initialize_wide_environment
__p___wargv
_initialize_onexit_table
_get_initial_wide_environment
exit
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 752B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/r.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/random.exe.exe windows:6 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 183KB - Virtual size: 416KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
avopxyzm Size: 1.6MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rvrtgwyg Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/request.exe.exe windows:6 windows x86 arch:x86
015966a997659caed7ef58f6ab2e8bde
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
Sleep
CopyFileA
GetLastError
CloseHandle
VirtualProtectEx
ResumeThread
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateProcessA
SetThreadContext
GetComputerNameA
WriteConsoleW
WaitForSingleObject
CreateMutexA
VirtualAlloc
WriteProcessMemory
GetThreadContext
GetModuleFileNameA
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
advapi32
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
shell32
ShellExecuteA
ole32
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
wininet
InternetOpenUrlA
InternetOpenW
InternetCloseHandle
InternetReadFile
ws2_32
sendto
htons
recv
connect
socket
send
inet_addr
WSACleanup
closesocket
WSAStartup
Sections
.text Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/s.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/sthealthclient.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/Files/t.exe.exe windows:5 windows x86 arch:x86
e3b708193fe03ba1bfd096b4ae42f3b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
_vscprintf
srand
rand
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/t1.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/t2.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/tdrpload.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/tools.exe.exe windows:4 windows x86 arch:x86
f6243a15fa8eee8ee96b5e1144d461f6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
ReadFile
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WriteFile
msvcrt
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
sprintf
strlen
strncmp
vfprintf
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 303KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/tpeinf.exe.exe windows:5 windows x86 arch:x86
68ea642d9ea854cd557366cd6c8ee49a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
msvcrt
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
memset
__set_app_type
wininet
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
urlmon
URLDownloadToFileW
kernel32
CloseHandle
DeleteFileW
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
GetModuleHandleA
GetStartupInfoA
Sleep
CreateProcessW
WriteFile
user32
wsprintfW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 246B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/tt.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/twztl.exe.exe windows:5 windows x86 arch:x86
2e23372b9869b74c90162a6fda4f170d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
recvfrom
setsockopt
closesocket
htons
shutdown
WSAStartup
connect
WSAWaitForMultipleEvents
listen
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSASend
WSARecv
WSACloseEvent
accept
getpeername
getsockname
inet_addr
gethostbyname
inet_ntoa
socket
bind
sendto
ioctlsocket
recv
send
shlwapi
StrStrIA
StrCmpNW
StrStrW
PathFileExistsW
StrChrA
PathFindFileNameW
StrCmpNIA
PathMatchSpecW
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetOpenW
ntdll
strlen
isdigit
isalpha
memcpy
memset
NtQueryVirtualMemory
RtlUnwind
_chkstk
_aulldiv
wcslen
wcscmp
_allshl
_aullshr
strstr
strcmp
memmove
memcmp
RtlTimeToSecondsSince1980
NtQuerySystemTime
mbstowcs
msvcrt
srand
rand
_vscprintf
kernel32
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
lstrcmpW
SetEvent
CreateProcessW
GetLocaleInfoA
DeleteCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
InterlockedExchangeAdd
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
InterlockedExchange
HeapFree
HeapValidate
HeapReAlloc
GetProcessHeaps
HeapCreate
HeapSetInformation
GetCurrentProcessId
HeapAlloc
CreateMutexA
GetLastError
ExitProcess
ExpandEnvironmentStringsW
CreateEventA
CreateThread
GetModuleFileNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
CopyFileW
lstrcmpiW
CreateDirectoryW
FindFirstFileW
CreateIoCompletionPort
MoveFileExW
FindNextFileW
FindClose
RemoveDirectoryW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
lstrcpyW
WriteFile
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
lstrlenW
lstrcpynW
MultiByteToWideChar
ExitThread
GetTickCount
Sleep
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetFileSize
user32
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
wsprintfW
DefWindowProcA
ChangeClipboardChain
RegisterRawInputDevices
GetClipboardData
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SendMessageA
SetWindowLongW
SetClipboardViewer
GetWindowLongW
wsprintfA
wvsprintfA
OpenClipboard
advapi32
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
RegCloseKey
RegSetValueExW
RegSetValueExA
shell32
ShellExecuteW
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/Files/v.exe.exe windows:5 windows x86 arch:x86
38ca2cef077b08d131c2be3bfd70789c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcr90
_invoke_watson
_except_handler4_common
memset
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcscmp
wcslen
srand
rand
_controlfp_s
urlmon
URLDownloadToFileW
wininet
InternetOpenUrlW
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetOpenW
shlwapi
PathFindFileNameW
PathFileExistsW
kernel32
CreateMutexA
GetLastError
ExitProcess
GetModuleFileNameW
CopyFileW
SetFileAttributesW
GetTickCount
ExpandEnvironmentStringsW
CreateFileW
WriteFile
InterlockedExchange
DeleteFileW
CreateProcessW
Sleep
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetStartupInfoA
CloseHandle
UnhandledExceptionFilter
TerminateProcess
user32
wsprintfW
advapi32
RegSetValueExW
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 644B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/Files/xmrig.exe.exe windows:4 windows x64 arch:x64
16bb67d62ee484974f9392fc52c45722
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
CreateServiceW
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeleteService
DeregisterEventSource
FreeSid
GetSecurityInfo
GetTokenInformation
GetUserNameW
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
SetEntriesInAclA
SetSecurityInfo
StartServiceW
SystemFunction036
crypt32
CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
iphlpapi
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AssignProcessToJobObject
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiber
CopyFileW
CreateDirectoryW
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkW
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteFiber
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetComputerNameA
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemFirmwareTable
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetVersion
GetVersionExA
GetVersionExW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
K32GetProcessMemoryInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RaiseException
ReOpenFile
ReadConsoleA
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableCS
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_close
_commode
_endthreadex
_errno
_exit
_fdopen
_filelengthi64
_fileno
_findclose
_fileno
_findfirst64
_findnext64
_fmode
_fstat64
_fullpath
_get_osfhandle
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_open
_open_osfhandle
_read
_read
_setjmp
_setmode
_snwprintf
_stat64
_stricmp
_strdup
_strdup
_strnicmp
_time64
_ultoa
_unlock
_umask
_vscprintf
_vsnprintf
_vsnwprintf
_wchmod
_wcsdup
_wcsnicmp
_wcsrev
_wfopen
_wopen
_write
_wrmdir
abort
atof
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
isxdigit
_write
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
raise
realloc
rand
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tolower
toupper
towlower
towupper
ungetc
vfprintf
ungetwc
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsstr
wcstombs
wcsxfrm
ole32
CoCreateInstance
CoInitializeEx
CoUninitialize
shell32
SHGetSpecialFolderPathA
user32
DispatchMessageA
GetLastInputInfo
GetMessageA
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
MapVirtualKeyW
MessageBoxW
ShowWindow
TranslateMessage
userenv
GetUserProfileDirectoryW
ws2_32
FreeAddrInfoW
GetAddrInfoW
WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket
Sections
.text Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 238KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 3.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
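The two import listings above (the small dropper that ends with shell32!ShellExecuteW, and xmrig.exe with its advapi32 service-control and LSA calls) are normally read by eye. As an added example, not part of the sandbox report, the following Python parses a listing in exactly this one-name-per-line shape and turns API combinations into capability tags. The DLL-name set, the rule table and the tag names are the example's own choices; the two embedded listings are constructed excerpts of the page's data (with the `Imports` and `kernel32` header lines restored for the dropper, whose excerpt above begins mid-list).

```python
"""Capability tags from the flattened 'Imports' listing of a sandbox static report.

Added example, not part of the report. The listing prints one DLL name per line followed by
the functions imported from it; because msvcrt functions such as 'memcpy' are also lower-case,
a DLL header is recognised by membership in KNOWN_DLLS, not by letter case.
"""
from collections import OrderedDict

KNOWN_DLLS = {  # DLL names as the report prints them (lower case, mostly without .dll)
    "kernel32", "advapi32", "user32", "shell32", "ole32", "oleaut32", "crypt32",
    "iphlpapi", "userenv", "ws2_32", "msvcrt", "mscoree", "gdi32", "version",
    "comctl32", "comdlg32", "winspool.drv", "winmm", "d3d9",
}

# A tag fires only when every (dll, function) pair in its set is imported. There is
# deliberately no single-function "anti-debug" rule: IsDebuggerPresent together with
# SetUnhandledExceptionFilter, QueryPerformanceCounter and GetSystemTimeAsFileTime is
# ordinary MSVC CRT start-up code (security-cookie initialisation), not evasion.
RULES = {
    "service-install":     {("advapi32", "OpenSCManagerW"), ("advapi32", "CreateServiceW"),
                            ("advapi32", "StartServiceW")},
    "privilege-adjust":    {("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueW"),
                            ("advapi32", "AdjustTokenPrivileges")},
    "lsa-account-rights":  {("advapi32", "LsaOpenPolicy"), ("advapi32", "LsaAddAccountRights")},
    "registry-write":      {("advapi32", "RegOpenKeyExW"), ("advapi32", "RegSetValueExW")},
    "drop-and-execute":    {("kernel32", "CreateFileW"), ("kernel32", "WriteFile"),
                            ("kernel32", "CreateProcessW")},
    "shell-execute":       {("shell32", "ShellExecuteW")},
    "process-enumeration": {("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Process32First"),
                            ("kernel32", "Process32Next")},
}


def parse_imports(listing):
    """Map dll -> [functions] for the lines between 'Imports' and 'Sections' / 'Exports'."""
    imports, current, active = OrderedDict(), None, False
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Imports":
            active = True
        elif line in ("Sections", "Exports"):
            break
        elif active and line in KNOWN_DLLS:
            current = line
            imports.setdefault(current, [])
        elif active and current is not None:
            imports[current].append(line)
    return imports


def tag_capabilities(listing):
    """Sorted tags whose required (dll, function) pairs all occur in the listing."""
    present = {(dll, fn) for dll, fns in parse_imports(listing).items() for fn in fns}
    return sorted(tag for tag, needed in RULES.items() if needed <= present)


# Constructed excerpt of the small dropper's listing, with the 'Imports' and 'kernel32'
# header lines (which precede the excerpt on the page) restored.
DROPPER = """
Imports
kernel32
ExpandEnvironmentStringsW
CreateFileW
WriteFile
DeleteFileW
CreateProcessW
advapi32
RegSetValueExW
RegCloseKey
RegOpenKeyExW
shell32
ShellExecuteW
Sections
"""

# Constructed excerpt of xmrig.exe's listing: its advapi32 block plus a few kernel32 entries.
XMRIG = """
Imports
advapi32
AdjustTokenPrivileges
CreateServiceW
LookupPrivilegeValueW
LsaAddAccountRights
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
StartServiceW
kernel32
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLargePageMinimum
Sections
"""

if __name__ == "__main__":
    print("dropper:", tag_capabilities(DROPPER))
    print("xmrig:  ", tag_capabilities(XMRIG))
```

Tags describe what a binary can call, not what it does: GetLargePageMinimum next to LsaAddAccountRights is consistent with a miner granting itself SeLockMemoryPrivilege for large pages, but only the behavioral task confirms that. A listing whose only import is mscoree!_CorExeMain (the .NET samples further down) yields no tags at all, because the CLR resolves the real imports at run time.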
saved from malware/a/1111.exe.exe windows:4 windows x86 arch:x86
74aaf0b5a0230a863603c8c6bcd8756b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetTempPathA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrlenA
msvcrt
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_errno
_chsize
_filelengthi64
_fileno
_initterm
_iob
_lock
_onexit
_unlock
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fputc
fread
free
freopen
fsetpos
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
malloc
memcmp
memcpy
memmove
memset
mktime
localtime
difftime
_mkdir
perror
printf
realloc
remove
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
strncpy
strtol
strtoul
tolower
ungetc
vfprintf
time
wcslen
wcstombs
_stat
_utime
_fileno
_chmod
Exports
main
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 245KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 6.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 66B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/14 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/67 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/80 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/91 Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/102 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66ae96cb3d23b_crypted.exe.exe windows:6 windows x86 arch:x86
ddd411113fce64ff664d110a3ad7d003
Code Sign
Certificate 08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29-04-2021 00:00
Not After: 28-04-2036 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 13-01-2023 00:00
Not After: 16-01-2026 23:59
Subject: CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate 38:63:de:f8
Issuer: CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
Not Before: 24-12-1999 17:50
Not After: 24-07-2029 14:15
Subject: CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 58:da:13:ff:00:00:00:00:51:ce:0d:f7
Issuer: CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
Not Before: 22-07-2015 19:02
Not After: 22-06-2029 19:32
Subject: CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Issuer: CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US
Not Before: 04-10-2022 17:21
Not After: 01-01-2029 00:00
Subject: CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Signer 05:8f:79:c9:1e:77:06:ec:45:3e:8a:2a:4d:c5:23:3c:99:63:3c:cc:c5:f9:35:4f:9e:02:3f:a7:3d:e1:c7:e4
Actual PE Digest: 05:8f:79:c9:1e:77:06:ec:45:3e:8a:2a:4d:c5:23:3c:99:63:3c:cc:c5:f9:35:4f:9e:02:3f:a7:3d:e1:c7:e4
Digest Algorithm: sha256
PE Digest Matches: false
Note: the digest check fails, so the Authenticode signature does not validate for this PE, regardless of the NVIDIA Corporation code-signing certificate the signature block chains to.
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\ytjij8b4e5q\output.pdb
Imports
kernel32
WaitForSingleObject
CreateThread
GetProcAddress
VirtualAllocEx
GetModuleHandleW
MultiByteToWideChar
FormatMessageA
GetStringTypeW
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
LCMapStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileInformationByHandle
GetTempPathW
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW
Sections
.text Size: 522KB - Virtual size: 522KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 312KB - Virtual size: 318KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66ae9b239854c_crypto.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
fastconverter.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66af4e35e761b_doz.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tashkentsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66af531b832ee_main.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
simplemusic.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66af9bdbf0f60_Team.exe.exe windows:5 windows x64 arch:x64
c346eaddb975f381aa1bae852c6a8010
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
user32
CharNextW
LoadStringW
WINNLSEnableIME
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxIndirectW
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AppendMenuW
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
kernel32
Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FindResourceW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetStdHandle
GetLongPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringA
CompareStringW
CloseHandle
Sleep
gdi32
UnrealizeObject
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetRegionData
GetPixel
GetPaletteEntries
GetObjectA
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetCharABCWidthsFloatW
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ole32
CreateStreamOnHGlobal
ReleaseStgMedium
OleDraw
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
comctl32
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
msvcrt
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strchr
strncmp
memset
memcpy
memcmp
shell32
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
comdlg32
PageSetupDlgW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
SetPrinterW
OpenPrinterW
GetPrinterW
GetDefaultPrinterW
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW
ClosePrinter
GetDefaultPrinterW
winmm
timeGetTime
d3d9
Direct3DCreate9
Exports
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 9.7MB - Virtual size: 9.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 841KB - Virtual size: 841KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 124KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 157B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 880B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 109B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 534KB - Virtual size: 533KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.pdata Size: 513KB - Virtual size: 512KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/66afa0d3934d8_ultfix.exe.exe windows:6 windows x64 arch:x64
5929190c8765f5bc37b052ab5c6c53e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen
Exports
_cgo_dummy_export
Sections
.text Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 9.7MB - Virtual size: 9.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 383KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 78B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b09f01e0030_dozkey.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
marcetsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b0ba4420669_main.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
burjhsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b0ee142cf8f_PhotosExifEditor.exe.exe windows:6 windows x64 arch:x64
c595f1660e1a3c84f4d9b0761d23cd7a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
AddAtomA
AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen
Exports
_cgo_dummy_export
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 563KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 78B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 316KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b1b02a20b5a_cry.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b331646d2cd_123p.exe.exe windows:6 windows x64 arch:x64
3fac356340f08f787f93cbf317f090cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
__C_specific_handler
kernel32
DeleteCriticalSection
Sections
.text Size: - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 12.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text0 Size: - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text1 Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text2 Size: 10.1MB - Virtual size: 10.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b331997e05e_main21.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
softconverter.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 8.2MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b382f122c02_stk.exe.exe windows:6 windows x86 arch:x86
add63f909d344437ae54d223c75de68e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
advapi32
GetUserNameA
shell32
ShellExecuteA
ole32
CoCreateInstance
ws2_32
send
Sections
.MPRESS1 Size: 6.4MB - Virtual size: 19.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 139KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/a/66b38609432fa_sosusion.exe.exe windows:6 windows x64 arch:x64
e902806dc6753d09a7c13ca6f68bc7e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapFree
CloseHandle
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapReAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
SetEndOfFile
Sections
.text Size: 401KB - Virtual size: 401KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 205KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.enigma1 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.enigma2 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.arch Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.srdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xpdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xtls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dsstext Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b38b9ae0da3_palnet_new.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
52:47:96:ee:4a:18:0f:b8:4d:1e:a2:50:67:e9:ce:39
Certificate
IssuerCN=^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))
))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((()))))))))))))))))
)))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))Not Before06-08-2024 17:18Not After07-08-2034 
17:18SubjectCN=^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))
))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((()))))))))))
)))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))^^^^^^^^^^^^^################(((((((((((())))))))))))))))))))))))))))3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
69:56:9b:68:fc:50:e2:a8:3b:9a:19:f8:44:c9:ea:d5:dd:a4:a1:a0:27:ac:1c:46:0a:e8:b4:40:6b:b3:56:b3
Signer
Actual PE Digest
69:56:9b:68:fc:50:e2:a8:3b:9a:19:f8:44:c9:ea:d5:dd:a4:a1:a0:27:ac:1c:46:0a:e8:b4:40:6b:b3:56:b3
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
palnet_to_creator.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b4af430a0a1_files.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
54:64:0d:9c:13:56:5f:96:4d:7b:75:47:73:45:61:97
Certificate
IssuerCN={{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}
}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}Not Before07-08-2024 11:29Not After08-08-2034 
11:29SubjectCN={{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%---
-----}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bd:93:1f:c1:7b:64:b0:f4:73:ea:b6:82:af:f6:e5:6d:36:0b:a6:d1:5e:b5:99:73:81:cc:2e:85:9b:f2:7c:b0
Signer
Actual PE Digest
bd:93:1f:c1:7b:64:b0:f4:73:ea:b6:82:af:f6:e5:6d:36:0b:a6:d1:5e:b5:99:73:81:cc:2e:85:9b:f2:7c:b0
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
data763portfolio.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b4b5e40dbf6_template832components.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
54:64:0d:9c:13:56:5f:96:4d:7b:75:47:73:45:61:97Certificate
IssuerCN={{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}
}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}Not Before07-08-2024 11:29Not After08-08-2034 
11:29SubjectCN={{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%---
-----}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}{{{{{{_____%%%%%%%%%%%--------}}}}}}}}}}3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f5:22:d6:34:46:06:95:69:43:be:1e:cb:3d:6b:04:53:c5:f4:3f:51:eb:42:0c:9b:bc:cf:ef:80:13:4f:e0:eb
Signer
Actual PE Digest
f5:22:d6:34:46:06:95:69:43:be:1e:cb:3d:6b:04:53:c5:f4:3f:51:eb:42:0c:9b:bc:cf:ef:80:13:4f:e0:eb
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
template832components.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b4ed2ceb0d7_stealc.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
soundsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b5ac1092454_otraba.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
lisasoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b5ac957cc65_crypta.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tomorrowsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.5MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b5ace3a06b0_dozkey.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
26:18:1c:ed:f2:c1:13:e1:6a:c7:48:20:df:7a:38:a3
Certificate
Issuer
CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
31-12-2015 00:00
Not After
27-01-2017 23:59
Subject
CN=Samsung Electronics CO.\, LTD.,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
10-12-2013 00:00
Not After
09-12-2023 23:59
Subject
CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
11-06-2015 00:00
Not After
29-12-2020 23:59
Subject
CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
01-01-1997 00:00
Not After
31-12-2020 23:59
Subject
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21-12-2012 00:00
Not After
30-12-2020 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
26:18:1c:ed:f2:c1:13:e1:6a:c7:48:20:df:7a:38:a3
Certificate
Issuer
CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
31-12-2015 00:00
Not After
27-01-2017 23:59
Subject
CN=Samsung Electronics CO.\, LTD.,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
10-12-2013 00:00
Not After
09-12-2023 23:59
Subject
CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
11-06-2015 00:00
Not After
29-12-2020 23:59
Subject
CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
01-01-1997 00:00
Not After
31-12-2020 23:59
Subject
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21-12-2012 00:00
Not After
30-12-2020 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ab:f3:2a:f8:88:99:8a:8e:b5:06:8b:45:75:14:8c:ee:c2:51:00:bd:16:81:49:22:26:c0:38:b6:a3:e4:d0:da
Signer
Actual PE Digest
ab:f3:2a:f8:88:99:8a:8e:b5:06:8b:45:75:14:8c:ee:c2:51:00:bd:16:81:49:22:26:c0:38:b6:a3:e4:d0:da
Digest Algorithm
sha256
PE Digest Matches
false
fd:d4:a2:c8:47:22:0d:dc:78:aa:23:1a:06:37:f7:9f:ea:06:3c:ad
Signer
Actual PE Digest
fd:d4:a2:c8:47:22:0d:dc:78:aa:23:1a:06:37:f7:9f:ea:06:3c:ad
Digest Algorithm
sha1
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
firetool.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b5b75106ac6_stealc.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
waterchrom.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b5d9d3adbaa_defaultr.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
todaysoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11.0MB - Virtual size: 11.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b74da9b163e_1234.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
BigWerks.DripUnique.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 498B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b7a2aef1283_doz.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate
Issuer
CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
25-05-2021 00:00
Not After
31-12-2028 23:59
Subject
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate
Issuer
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ce:bb:f6:9f:06:30:55:e8:07:d5:17:9d:4a:44:66:c7
Certificate
Issuer
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Not Before
26-06-2024 00:00
Not After
26-06-2027 23:59
Subject
CN=Florian Heidenreich,O=Florian Heidenreich,ST=Sachsen,C=DE
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b9:db:9a:64:11:93:c1:e0:fa:71:19:35:c3:7b:3b:05:a7:48:12:18:75:d9:70:b5:bd:b5:6e:a4:0d:6e:0b:17
Signer
Actual PE Digest
b9:db:9a:64:11:93:c1:e0:fa:71:19:35:c3:7b:3b:05:a7:48:12:18:75:d9:70:b5:bd:b5:6e:a4:0d:6e:0b:17
Digest Algorithm
sha256
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
drowsoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b7a4a075311_AsianAsp.exe.exe windows:5 windows x86 arch:x86
be41bf7b8cc010b614bd36bbca606973
Code Sign
4b:2c:3b:01:01:8b:ad:2a:bc:8c:7b:5b:3e:ed:90:57
Certificate
Issuer
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2046 23:59
Subject
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
01-08-2022 00:00
Not After
09-11-2031 23:59
Subject
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate
Issuer
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c1:34:b2:a3:ae:7f:9b:d5:a2:60:dc:5f:cc:04:08:7c
Certificate
Issuer
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Not Before
21-04-2022 00:00
Not After
20-04-2025 23:59
Subject
CN=Musecy SM Ltd.,O=Musecy SM Ltd.,ST=Lemesos,C=CY
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
23-03-2022 00:00
Not After
22-03-2037 23:59
Subject
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before
14-07-2023 00:00
Not After
13-10-2034 23:59
Subject
CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
e9:32:4e:59:b8:55:aa:13:54:6f:74:9e:3e:a9:9f:a1:cc:f1:eb:11:b1:7e:7a:53:a1:5d:4c:d5:61:3a:f6:71
Signer
Actual PE Digest
e9:32:4e:59:b8:55:aa:13:54:6f:74:9e:3e:a9:9f:a1:cc:f1:eb:11:b1:7e:7a:53:a1:5d:4c:d5:61:3a:f6:71
Digest Algorithm
sha256
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW
user32
GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 458KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 516KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b7d12b3a8ea_5k.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\wmaogm116irqog\obj\Release\MSG.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 409KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b7d3a2e7a4d_deepweb.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\uw22uphtu\obj\Release\MSG.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b837290469c_vidar.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Certificate
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Issuer
CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
25-05-2021 00:00
Not After
31-12-2028 23:59
Subject
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Issuer
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
ce:bb:f6:9f:06:30:55:e8:07:d5:17:9d:4a:44:66:c7
Issuer
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
Not Before
26-06-2024 00:00
Not After
26-06-2027 23:59
Subject
CN=Florian Heidenreich,O=Florian Heidenreich,ST=Sachsen,C=DE
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
9b:e6:c5:0e:aa:9f:7b:c4:be:e0:76:e7:4c:1b:5d:88:3e:e0:b4:6b:78:33:52:ea:17:c2:44:41:e6:de:04:45
Actual PE Digest
9b:e6:c5:0e:aa:9f:7b:c4:be:e0:76:e7:4c:1b:5d:88:3e:e0:b4:6b:78:33:52:ea:17:c2:44:41:e6:de:04:45
Digest Algorithm
sha256
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
videosoft.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 9.2MB - Virtual size: 9.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/66b85f47d1f63_stealc.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
converter_default.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.9MB - Virtual size: 6.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 1024B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/ApertureLab.exe.exe windows:5 windows x86 arch:x86
986447145f752ee174944cbcb0f6260b
Code Sign
Certificate
3a:0d:91:73:22:85:bf:24:fd:a0:56:4a:f5:a9:8e:71
Issuer
CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US
Not Before
22-01-2024 17:14
Not After
21-01-2025 17:13
Subject
SERIALNUMBER=91430104MA4QAQW82U,CN=Changsha Ruike Hotel Management Co.\, Ltd.,O=Changsha Ruike Hotel Management Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Issuer
CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
Not Before
26-03-2019 17:44
Not After
22-03-2034 17:44
Subject
CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Issuer
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before
14-07-2023 00:00
Not After
13-10-2034 23:59
Subject
CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Issuer
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
23-03-2022 00:00
Not After
22-03-2037 23:59
Subject
CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Issuer
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before
01-08-2022 00:00
Not After
09-11-2031 23:59
Subject
CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
4c:73:bc:b4:42:31:87:ba:26:3a:5a:86:20:d8:48:1a:86:ac:15:cd:4e:98:6a:2c:52:61:a3:0b:e3:70:e5:28
Actual PE Digest
4c:73:bc:b4:42:31:87:ba:26:3a:5a:86:20:d8:48:1a:86:ac:15:cd:4e:98:6a:2c:52:61:a3:0b:e3:70:e5:28
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Imports
comctl32
InitCommonControlsEx
shlwapi
SHAutoComplete
kernel32
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
SetFileTime
SetFileAttributesW
GlobalAlloc
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileAttributesW
FlushFileBuffers
ReadFile
GetFileType
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GetCPInfo
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
IsDBCSLeadByte
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
user32
EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
OemToCharBuffA
gdi32
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection
comdlg32
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHChangeNotify
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ole32
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
oleaut32
VariantInit
Sections
.text Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/Extreme%20Injector%20v3.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/GGWS.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/GGWSUpdate.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\GGWS\GGWSUpdate\obj\Release\GGWSUpdate.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/Identifications.exe.exe windows:5 windows x64 arch:x64
93b0547f5090c9427cc4f187c26f3f73
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
user32
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
kernel32
Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Sleep
gdi32
UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
comctl32
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
msvcrt
memset
memcpy
shell32
Shell_NotifyIconW
SHGetSpecialFolderPathW
winspool.drv
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW
winmm
timeGetTime
Exports
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 491KB - Virtual size: 491KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 46KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 484B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 109B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 279KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.pdata Size: 308KB - Virtual size: 308KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/InstallerPack_20.1.23770_win64.exe.exe windows:5 windows x86 arch:x86
42d651751c1d75ed4fa8fe71751854ff
Code Sign
Certificate
fc:48:49:3e:a5:af:0a:f3:ea:04:0f:de:b7:70:c6:15
Issuer
CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
07-05-2021 00:00
Not After
06-05-2024 23:59
Subject
CN=Screaming Bee Inc,O=Screaming Bee Inc,L=Palm Coast,ST=Florida,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Issuer
CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
12-03-2019 00:00
Not After
31-12-2028 23:59
Subject
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-11-2018 00:00
Not After
31-12-2030 23:59
Subject
CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-05-2019 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Issuer
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
11-05-2022 00:00
Not After
10-08-2033 23:59
Subject
CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Signer
0a:f6:c2:cd:d6:0d:9e:7d:7a:e6:d7:4a:08:76:c0:87:1d:33:ef:ad
Actual PE Digest
0a:f6:c2:cd:d6:0d:9e:7d:7a:e6:d7:4a:08:76:c0:87:1d:33:ef:ad
Digest Algorithm
sha1
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
C:\agent\_work\66\s\build\ship\x86\burn.pdb
Imports
advapi32
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW
user32
PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
gdi32
DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
shell32
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
ole32
CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity
kernel32
GetCPInfo
GetOEMCP
IsValidCodePage
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineA
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetCommandLineW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
GetComputerNameW
SetCurrentDirectoryW
GetFileType
GetACP
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
LoadLibraryExA
rpcrt4
UuidCreate
Sections
.text Size: 292KB - Virtual size: 291KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.wixburn Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/NJTCFVIV.exe.exe windows:4 windows x86 arch:x86
b5a014d7eeb4c2042897567e1288a095
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
kernel32
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
MulDiv
GlobalFree
GlobalAlloc
lstrcmpiA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
lstrcmpW
GlobalMemoryStatusEx
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadLocale
GetLocalTime
GetSystemTimeAsFileTime
lstrlenW
GetTempPathW
SetEnvironmentVariableW
CloseHandle
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
GetModuleFileNameW
GetCommandLineW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
TerminateThread
ResumeThread
SuspendThread
IsBadReadPtr
LocalFree
lstrcpyW
FormatMessageW
GetSystemDirectoryW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleA
SystemTimeToFileTime
GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
Sleep
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
lstrcatW
ExitProcess
CompareFileTime
GetStartupInfoA
user32
CharUpperW
EndDialog
DestroyWindow
KillTimer
ReleaseDC
DispatchMessageW
GetMessageW
SetTimer
CreateWindowExW
ScreenToClient
GetWindowRect
wsprintfW
GetParent
GetSystemMenu
EnableMenuItem
EnableWindow
MessageBeep
LoadIconW
LoadImageW
wvsprintfW
IsWindow
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
ShowWindow
SystemParametersInfoW
SetFocus
SetWindowLongW
GetSystemMetrics
GetClientRect
GetDlgItem
GetKeyState
MessageBoxA
wsprintfA
SetWindowTextW
GetSysColor
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
GetWindowLongW
GetMenu
SetWindowPos
CopyImage
SendMessageW
GetWindowDC
gdi32
GetCurrentObject
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetDeviceCaps
DeleteObject
CreateFontIndirectW
DeleteDC
shell32
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
ole32
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
oleaut32
VariantClear
OleLoadPicture
SysAllocString
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
memset
_wcsnicmp
strncmp
malloc
memmove
_wtol
memcpy
free
memcmp
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
_controlfp
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/OpenArk32.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 19.7MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 9.8MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 102KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/a/OpenArk64.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 13.3MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 10.7MB - Virtual size: 10.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 102KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/a/STHealthUpdate.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/T7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\RunPe-Link — копия\RunPE\obj\Release\RunPE.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/T9.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\RunPe-Link — копия\RunPE\obj\Release\RunPE.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/TTF.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\RunPe-Link\RunPE\obj\Release\RunPE.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/U.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\RunPe-Link\RunPE\obj\Release\RunPE.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/Update/server.txt
-
saved from malware/a/WE.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\RunPe-Link\RunPE\obj\Release\RunPE.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/asusns.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
oEDs.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 632KB - Virtual size: 632KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/authenticator.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 766KB - Virtual size: 765KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/backdoor.exe.exe windows:4 windows x86 arch:x86
8e93afb33c433eede3fd358369a7f47e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AllocConsole
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
msvcrt
_chdir
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pclose
_pctype
_popen
_setmode
abort
atexit
calloc
exit
fgets
free
fwrite
malloc
mbstowcs
memcmp
memcpy
memset
printf
puts
realloc
setlocale
signal
strcat
strcmp
strcoll
strcpy
strlen
strncmp
strncpy
strtok
tolower
vfprintf
wcstombs
user32
FindWindowA
ShowWindow
wsock32
WSACleanup
WSAStartup
closesocket
connect
htons
inet_addr
recv
send
socket
libgcc_s_dw2-1
_Unwind_Resume
__deregister_frame_info
__register_frame_info
__udivdi3
libstdc++-6
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_ZNSaIcEC1Ev
_ZNSaIcED1Ev
_ZNSolsEPFRSoS_E
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
__gxx_personality_v0
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 120B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/14 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 512B - Virtual size: 303B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/67 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/build2.exe.exe windows:5 windows x86 arch:x86
0275392671bba1542f88797f29212ff8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnumResourceNamesW
HeapReAlloc
SetFilePointer
CommConfigDialogA
SetConsoleTextAttribute
OpenJobObjectA
GetConsoleAliasA
OpenSemaphoreA
LockFile
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetNumberFormatA
EnumTimeFormatsA
GlobalAlloc
LoadLibraryW
FatalAppExitW
IsBadCodePtr
CreateEventA
SetVolumeMountPointA
SetConsoleCP
ReplaceFileW
CreateFileW
CreateActCtxA
CreateJobObjectA
GetLastError
GetCurrentDirectoryW
SetLastError
GetProcAddress
GlobalFree
LoadLibraryA
OpenThread
InterlockedExchangeAdd
CreateFileMappingW
AddAtomW
SetEnvironmentVariableA
GetOEMCP
SetLocaleInfoW
HeapSetInformation
EnumResourceNamesA
VirtualProtect
PeekConsoleInputA
SetProcessShutdownParameters
SetFileShortNameA
GetDiskFreeSpaceExW
GetCurrentProcessId
LCMapStringW
GetProcessHeap
SetEndOfFile
HeapSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
RaiseException
CreateFileA
CloseHandle
HeapAlloc
MultiByteToWideChar
GetCommandLineW
GetStartupInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
WideCharToMultiByte
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
RtlUnwind
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
Sleep
GetConsoleCP
GetConsoleMode
ReadFile
user32
CharUpperBuffA
DrawMenuBar
GetMenuBarInfo
ChangeMenuA
GetDC
DrawStateA
GetKeyboardLayout
shell32
FindExecutableA
ole32
StringFromIID
CoRegisterPSClsid
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 95KB - Virtual size: 36.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/c7.exe.exe windows:6 windows x86 arch:x86
08b1b12afb6e1cdcf5adc795ee884ca6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CreateMutexW
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetProcessVersion
GetSystemDirectoryW
GlobalLock
GlobalUnlock
ole32
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
user32
CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
Sections
.text Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/cookie250.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/exec.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/keylogger.exe.exe windows:4 windows x86 arch:x86
aabc7d829ec4bcf3eb634829eff84ef7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AllocConsole
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
msvcrt
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strcoll
strlen
tolower
vfprintf
wcstombs
user32
FindWindowA
GetAsyncKeyState
GetKeyState
ShowWindow
libgcc_s_dw2-1
_Unwind_Resume
__deregister_frame_info
__register_frame_info
libstdc++-6
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE7is_openEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c
__gxx_personality_v0
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 116B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/14 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 512B - Virtual size: 303B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/67 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/l2.exe.exe windows:6 windows x86 arch:x86
28410aacd961a705a3e199dc5b1733bd
Code Sign
Certificate: 37:57:1d:ed:6b:23:b4:82:4f:29:11:2f:37:2e:93:9c
Issuer: CN=Karcher VC 4 Cordless myHome (1.198-620.0)
Not Before: 02-06-2023 12:14
Not After: 03-06-2033 12:14
Subject: CN=Karcher VC 4 Cordless myHome (1.198-620.0)
Certificate: 39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 03-05-2023 00:00
Not After: 02-08-2034 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: e6:82:1f:21:ef:a3:17:90:ce:3e:c0:65:89:89:dd:08:70:18:4e:5d:49:18:07:1a:0f:71:fa:00:9b:6f:d4:95
Actual PE Digest: e6:82:1f:21:ef:a3:17:90:ce:3e:c0:65:89:89:dd:08:70:18:4e:5d:49:18:07:1a:0f:71:fa:00:9b:6f:d4:95
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
shell32
SHGetFolderPathW
Sections
.MPRESS1 Size: 4.0MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 382KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
saved from malware/a/msedge.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/mservice64.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 664KB - Virtual size: 664KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/nano.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 437KB - Virtual size: 437KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/networks_profile.exe.exe windows:5 windows x64 arch:x64
2cdcfb3a828433ba76b5b41f45519bd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LoadLibraryA
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
GetStartupInfoW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
advapi32
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
Sections
.text Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/out_test_sig.exe.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 651KB - Virtual size: 651KB
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1024B
IMAGE_SCN_MEM_READ
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_MEM_READ
-
saved from malware/a/pimer_bbbcontents7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
pimer.bbbcontents7.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 506B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/regasm.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Eycb.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/request.exe.exe windows:6 windows x86 arch:x86
015966a997659caed7ef58f6ab2e8bde
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
Sleep
CopyFileA
GetLastError
CloseHandle
VirtualProtectEx
ResumeThread
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateProcessA
SetThreadContext
GetComputerNameA
WriteConsoleW
WaitForSingleObject
CreateMutexA
VirtualAlloc
WriteProcessMemory
GetThreadContext
GetModuleFileNameA
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
advapi32
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
shell32
ShellExecuteA
ole32
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
wininet
InternetOpenUrlA
InternetOpenW
InternetCloseHandle
InternetReadFile
ws2_32
sendto
htons
recv
connect
socket
send
inet_addr
WSACleanup
closesocket
WSAStartup
Sections
.text Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/robotic.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/sahost.exe.exe windows:4 windows x86 arch:x86
61259b55b8912888e90f516ca08dc514
Code Sign
Certificate 59:bc:90:e9:59:74:50:6a:6e:e8:6b:bb:4a:61:ea:bc:34:4a:83:92
Issuer: CN=Storbyens Forfjerdinger Kalibreringsmaalernes\ ,O=Indkomstopgrelsers,L=Firminy,ST=Auvergne-Rhône-Alpes,C=FR
Not Before: 02-08-2024 01:06
Not After: 02-08-2027 01:06
Subject: CN=Storbyens Forfjerdinger Kalibreringsmaalernes\ ,O=Indkomstopgrelsers,L=Firminy,ST=Auvergne-Rhône-Alpes,C=FR
Certificate 59:bc:90:e9:59:74:50:6a:6e:e8:6b:bb:4a:61:ea:bc:34:4a:83:92
Issuer: CN=Storbyens Forfjerdinger Kalibreringsmaalernes\ ,O=Indkomstopgrelsers,L=Firminy,ST=Auvergne-Rhône-Alpes,C=FR
Not Before: 02-08-2024 01:06
Not After: 02-08-2027 01:06
Subject: CN=Storbyens Forfjerdinger Kalibreringsmaalernes\ ,O=Indkomstopgrelsers,L=Firminy,ST=Auvergne-Rhône-Alpes,C=FR
Signer 38:07:ff:d9:3c:fd:d1:3b:04:eb:03:fb:2b:1a:b2:a8:d4:e6:93:98:a5:1c:be:ad:e9:79:b0:ec:68:b7:1b:d7
Actual PE Digest: 38:07:ff:d9:3c:fd:d1:3b:04:eb:03:fb:2b:1a:b2:a8:d4:e6:93:98:a5:1c:be:ad:e9:79:b0:ec:68:b7:1b:d7
Digest Algorithm: sha256
PE Digest Matches: true
Signer f1:fc:87:ab:2e:99:84:9d:96:94:3a:95:fb:a0:6b:52:3d:8e:5d:1d
Actual PE Digest: f1:fc:87:ab:2e:99:84:9d:96:94:3a:95:fb:a0:6b:52:3d:8e:5d:1d
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 180KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/settings.xml
-
saved from malware/a/sthealthclient.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
saved from malware/a/stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
saved from malware/a/wahost.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 696KB - Virtual size: 693KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ