aa09f23a486603056a2574648c17cd17_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aa09f23a486603056a2574648c17cd17_JaffaCakes118
Size

354KB
MD5

aa09f23a486603056a2574648c17cd17
SHA1

c12babacdbb79205e4c613bc8ab32e21fcc9c31c
SHA256

8bfb7135402915778f3c6c3ee8d60abd9817e92a10cf51224a0950030d681a60
SHA512

19628ef02b2d7a1736e8e05da60da99de20d86764ad7723c827fdfc0d7cf882366efd15b6e2b89282e9719ff21061f6693f7c818423dd0562e1ee1e9a9c46232
SSDEEP

6144:2DOl8PDJSbNjhpPj6qBLc/ayvCPbl5WppFMiA5dAEjq/cabRWh2L5yhvGuuST1gC:IC8FCfAT6Pbl2EaqWUh2LchvGZi1tHf

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
aa09f23a486603056a2574648c17cd17_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack001/mosquitto.dll
unpack001/mosquitto.exe
unpack001/mosquitto_passwd.exe
unpack001/mosquitto_pub.exe
unpack001/mosquitto_sub.exe
unpack001/mosquittopp.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

aa09f23a486603056a2574648c17cd17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChangeLog.txt
Uninstall.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aclfile.example
devel/mosquitto.h
devel/mosquitto.lib
devel/mosquitto_plugin.h
devel/mosquittopp.h
devel/mosquittopp.lib
edl-v10
epl-v10
mosquitto.conf
mosquitto.dll
.dll windows:6 windows x64 arch:x64

a56a22a834bdb01572f82fd02b2649cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libssl-1_1-x64

SSL_write
SSL_ctrl
SSL_CTX_ctrl
SSL_get_error
TLS_client_method
SSL_shutdown
SSL_CTX_load_verify_locations
SSL_set_ex_data
SSL_get_ex_data
OPENSSL_init_ssl
SSL_CTX_up_ref
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_CTX_free
SSL_read
SSL_connect
SSL_new
SSL_CTX_check_private_key
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_verify
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_PrivateKey_file
SSL_set_bio
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_psk_client_callback
SSL_CTX_set_options
SSL_free
SSL_pending

libcrypto-1_1-x64

BIO_new_socket
CONF_modules_unload
ERR_get_error
ERR_clear_error
ERR_error_string
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_init_crypto
BN_hex2bn
CRYPTO_get_ex_new_index
ASN1_STRING_get0_data
X509_STORE_CTX_get_ex_data
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_current_cert
X509_get_subject_name
X509_NAME_get_text_by_NID
X509_get_ext_d2i
GENERAL_NAME_free
BN_num_bits
BN_bn2bin
BN_free
OPENSSL_sk_pop_free

ws2_32

inet_pton
freeaddrinfo
getaddrinfo
WSASetLastError
WSACleanup
WSAStartup
socket
send
listen
htons
htonl
getsockname
ioctlsocket
connect
bind
accept
WSAGetLastError
select
recv
closesocket
__WSAFDIsSet

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetTickCount64
ExpandEnvironmentStringsA
CreateFileA
LocalFree
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

advapi32

InitializeSecurityDescriptor
GetUserNameA
SetEntriesInAclA
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl

vcruntime140

memset
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
free

api-ms-win-crt-stdio-l1-1-0

fclose
fopen
_close
_open_osfhandle
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_dll
_initterm
_initterm_e
_execute_onexit_table
strerror
_configure_narrow_argv
_errno
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

_stricmp
_strdup
strncmp
strspn

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

mosquitto_connack_string
mosquitto_connect
mosquitto_connect_async
mosquitto_connect_bind
mosquitto_connect_bind_async
mosquitto_connect_callback_set
mosquitto_connect_srv
mosquitto_connect_with_flags_callback_set
mosquitto_destroy
mosquitto_disconnect
mosquitto_disconnect_callback_set
mosquitto_lib_cleanup
mosquitto_lib_init
mosquitto_lib_version
mosquitto_log_callback_set
mosquitto_loop
mosquitto_loop_forever
mosquitto_loop_misc
mosquitto_loop_read
mosquitto_loop_start
mosquitto_loop_stop
mosquitto_loop_write
mosquitto_max_inflight_messages_set
mosquitto_message_callback_set
mosquitto_message_copy
mosquitto_message_free
mosquitto_message_free_contents
mosquitto_message_retry_set
mosquitto_new
mosquitto_opts_set
mosquitto_pub_topic_check
mosquitto_pub_topic_check2
mosquitto_publish
mosquitto_publish_callback_set
mosquitto_reconnect
mosquitto_reconnect_async
mosquitto_reconnect_delay_set
mosquitto_reinitialise
mosquitto_socket
mosquitto_socks5_set
mosquitto_strerror
mosquitto_sub_topic_check
mosquitto_sub_topic_check2
mosquitto_sub_topic_tokenise
mosquitto_sub_topic_tokens_free
mosquitto_subscribe
mosquitto_subscribe_callback
mosquitto_subscribe_callback_set
mosquitto_subscribe_simple
mosquitto_threaded_set
mosquitto_tls_insecure_set
mosquitto_tls_opts_set
mosquitto_tls_psk_set
mosquitto_tls_set
mosquitto_topic_matches_sub
mosquitto_topic_matches_sub2
mosquitto_unsubscribe
mosquitto_unsubscribe_callback_set
mosquitto_user_data_set
mosquitto_username_pw_set
mosquitto_validate_utf8
mosquitto_want_write
mosquitto_will_clear
mosquitto_will_set

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mosquitto.exe
.exe windows:6 windows x64 arch:x64

157f13c68f43ffa1e0a85b6c3ed932a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libssl-1_1-x64

SSL_new
SSL_accept
SSL_want
SSL_get_fd
SSL_set_fd
SSL_get_rbio
SSL_get_wbio
SSL_set_info_callback
SSL_CTX_get_ex_data
SSL_CTX_clear_options
SSL_get_servername
SSL_CTX_callback_ctrl
SSL_set_SSL_CTX
SSL_CTX_set_ex_data
SSL_CTX_ctrl
SSL_get_error
TLS_server_method
SSL_CTX_load_verify_locations
SSL_set_ex_data
SSL_get_ex_data
SSL_CTX_set_psk_client_callback
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_free
SSL_connect
SSL_read
SSL_write
SSL_ctrl
TLS_client_method
SSL_shutdown
OPENSSL_init_ssl
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_SSL_CTX
SSL_get_peer_certificate
SSL_CTX_set_session_id_context
SSL_CTX_check_private_key
SSL_CTX_set_verify
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_PrivateKey_file
SSL_set_bio
SSL_CTX_get_cert_store
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_use_psk_identity_hint
SSL_CTX_set_psk_server_callback
SSL_CTX_set_options
SSL_pending
SSL_CTX_free

libcrypto-1_1-x64

X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_current_cert
ASN1_STRING_get0_data
X509_NAME_get_text_by_NID
OPENSSL_sk_pop_free
OPENSSL_sk_value
X509_get_ext_d2i
OPENSSL_sk_num
EVP_get_digestbyname
BIO_f_base64
GENERAL_NAME_free
BIO_free_all
BN_num_bits
BN_bn2bin
BN_free
EVP_DigestFinal_ex
BN_hex2bn
BIO_push
BIO_write
BIO_read
BIO_set_flags
CONF_modules_unload
OPENSSL_init_crypto
ERR_error_string
ERR_clear_error
ERR_get_error
X509_load_crl_file
X509_LOOKUP_file
EVP_DigestUpdate
EVP_DigestInit_ex
X509_STORE_add_lookup
ERR_error_string_n
OBJ_sn2nid
EC_KEY_new_by_curve_name
EC_KEY_free
X509_STORE_set_flags
BIO_new_socket
CRYPTO_get_ex_new_index
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_get_subject_name
X509_free
ASN1_STRING_data
ASN1_STRING_length
EVP_MD_CTX_free
EVP_MD_CTX_new
BIO_s_mem
BIO_ctrl
BIO_free
X509_STORE_CTX_get_ex_data
BIO_new

ws2_32

gethostbyname
select
inet_addr
getsockname
shutdown
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
getprotobyname
WSAStringToAddressW
gethostname
getaddrinfo
freeaddrinfo
WSAIoctl
getsockopt
WSAPoll
accept
bind
getpeername
listen
ntohs
setsockopt
socket
WSAGetLastError
inet_ntop
connect
WSAWaitForMultipleEvents
htons
recv
send
WSAStartup
WSACleanup
WSASetLastError
htonl
ntohl
inet_pton
WSAResetEvent
WSASetEvent
WSAAddressToStringW
closesocket
ioctlsocket

iphlpapi

GetAdaptersAddresses

kernel32

GetModuleHandleW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
CloseHandle
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
RtlCaptureContext
CreateFileW
GetModuleFileNameA
GetEnvironmentVariableA
CreateFileA
ExpandEnvironmentStringsA
GetTickCount64
GetCurrentProcessId
WaitForMultipleObjects
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
FormatMessageA
LocalFree
GetSystemTime
CreateThread
FindNextFileA
FindFirstFileA
FindClose
RtlLookupFunctionEntry
GetFileSize

advapi32

DeleteService
CloseEventLog
OpenEventLogA
ReportEventA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
SetEntriesInAclA
BuildExplicitAccessWithNameA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA

vcruntime140

memcmp
__C_specific_handler
strstr
strchr
memmove
memcpy
memset
strrchr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_setmaxstdio
fread
_fileno
_isatty
__acrt_iob_func
fclose
feof
fgets
__stdio_common_vfprintf
__stdio_common_vsprintf
_open
_read
_open_osfhandle
fseek
fopen
_getmaxstdio
_close
_set_fmode
fwrite
fflush
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
realloc
calloc

api-ms-win-crt-convert-l1-1-0

atoi
atol
atoll

api-ms-win-crt-string-l1-1-0

strspn
strtok
strncmp
strncpy
strtok_s
strpbrk
strcmp
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

_time64
_tzset
__daylight
__timezone
_localtime64

api-ms-win-crt-runtime-l1-1-0

__p___argv
exit
strerror_s
strerror
signal
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_getpid
_get_initial_narrow_environment
_initterm
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_errno
__p___argc
_exit

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_fullpath
remove
rename
_stat32i64

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr
exp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mosquitto_passwd.exe
.exe windows:6 windows x64 arch:x64

f99b67691d2e11541d153db0076f5275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcrypto-1_1-x64

EVP_MD_CTX_new
RAND_bytes
EVP_get_digestbyname
BIO_f_base64
EVP_DigestFinal_ex
EVP_DigestUpdate
EVP_DigestInit_ex
EVP_MD_CTX_free
OPENSSL_init_crypto
BIO_s_mem
BIO_free_all
BIO_push
BIO_ctrl
BIO_write
BIO_new
BIO_set_flags

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReadConsoleA
GetStdHandle
GetConsoleMode
SetConsoleMode

vcruntime140

memcpy
memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
terminate
exit
_register_onexit_function
signal
strerror
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_cexit
__p___argc
__p___argv

api-ms-win-crt-stdio-l1-1-0

_chsize
fclose
feof
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vfprintf
tmpfile
rewind
fwrite
fread
fopen
fgets
fflush
_fileno
_set_fmode
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-filesystem-l1-1-0

_fullpath
_unlink

api-ms-win-crt-string-l1-1-0

strtok
strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mosquitto_pub.exe
.exe windows:6 windows x64 arch:x64

ab0fad51ea0e641167cb843c1bd55e12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mosquitto

mosquitto_tls_set
mosquitto_tls_insecure_set
mosquitto_tls_opts_set
mosquitto_tls_psk_set
mosquitto_max_inflight_messages_set
mosquitto_connect_bind
mosquitto_socks5_set
mosquitto_lib_version
mosquitto_will_set
mosquitto_pub_topic_check
mosquitto_sub_topic_check
mosquitto_opts_set
mosquitto_validate_utf8
mosquitto_username_pw_set
mosquitto_connack_string
mosquitto_strerror
mosquitto_log_callback_set
mosquitto_publish_callback_set
mosquitto_disconnect_callback_set
mosquitto_connect_callback_set
mosquitto_loop_stop
mosquitto_loop_start
mosquitto_loop
mosquitto_publish
mosquitto_disconnect
mosquitto_destroy
mosquitto_new
mosquitto_lib_cleanup
mosquitto_lib_init

ws2_32

gethostname

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetEnvironmentVariableA
FormatMessageA

vcruntime140

memset
memcpy
strchr
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_errno
_crt_atexit
_c_exit
_cexit
__p___argv
__p___argc
exit
_initterm_e
_initterm
terminate
_getpid
_register_onexit_function
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
fclose
__stdio_common_vsprintf_s
__stdio_common_vfprintf
ftell
fseek
feof
__p__commode
fread
fopen
fgets

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
_strnicmp
strtok
_strdup

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mosquitto_sub.exe
.exe windows:6 windows x64 arch:x64

0c1f19c45e55fafab9b65b14b1c2f417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mosquitto

mosquitto_tls_insecure_set
mosquitto_tls_psk_set
mosquitto_tls_set
mosquitto_socks5_set
mosquitto_opts_set
mosquitto_pub_topic_check
mosquitto_username_pw_set
mosquitto_connect_bind
mosquitto_max_inflight_messages_set
mosquitto_sub_topic_check
mosquitto_will_set
mosquitto_tls_opts_set
mosquitto_validate_utf8
mosquitto_lib_version
mosquitto_topic_matches_sub
mosquitto_connack_string
mosquitto_strerror
mosquitto_log_callback_set
mosquitto_subscribe_callback_set
mosquitto_message_callback_set
mosquitto_connect_with_flags_callback_set
mosquitto_loop_forever
mosquitto_unsubscribe
mosquitto_subscribe
mosquitto_disconnect
mosquitto_destroy
mosquitto_new
mosquitto_lib_cleanup
mosquitto_lib_init

ws2_32

gethostname

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocalTime
GetEnvironmentVariableA
FormatMessageA

vcruntime140

strchr
memset
memcpy
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_getpid
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fflush
__p__commode
fputc
fputs
__stdio_common_vsprintf_s
fopen
fgets
fclose
fwrite
_set_fmode

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-string-l1-1-0

strtok
_strdup
strncmp
strcmp
_strnicmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mosquittopp.dll
.dll windows:6 windows x64 arch:x64

fbc331466a26452b0d3928f040d36b92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mosquitto

mosquitto_publish_callback_set
mosquitto_message_callback_set
mosquitto_subscribe_callback_set
mosquitto_unsubscribe_callback_set
mosquitto_log_callback_set
mosquitto_reconnect_delay_set
mosquitto_max_inflight_messages_set
mosquitto_message_retry_set
mosquitto_publish
mosquitto_disconnect_callback_set
mosquitto_strerror
mosquitto_connack_string
mosquitto_sub_topic_tokenise
mosquitto_sub_topic_tokens_free
mosquitto_topic_matches_sub
mosquitto_subscribe_simple
mosquitto_subscribe_callback
mosquitto_validate_utf8
mosquitto_disconnect
mosquitto_connect_with_flags_callback_set
mosquitto_connect_callback_set
mosquitto_tls_psk_set
mosquitto_tls_opts_set
mosquitto_tls_insecure_set
mosquitto_tls_set
mosquitto_opts_set
mosquitto_threaded_set
mosquitto_want_write
mosquitto_loop_misc
mosquitto_loop_write
mosquitto_loop_read
mosquitto_socket
mosquitto_loop_stop
mosquitto_loop_start
mosquitto_loop_forever
mosquitto_loop
mosquitto_unsubscribe
mosquitto_socks5_set
mosquitto_subscribe
mosquitto_reconnect_async
mosquitto_reconnect
mosquitto_connect_bind_async
mosquitto_connect_async
mosquitto_connect_bind
mosquitto_connect
mosquitto_username_pw_set
mosquitto_will_clear
mosquitto_will_set
mosquitto_reinitialise
mosquitto_destroy
mosquitto_new
mosquitto_lib_cleanup
mosquitto_user_data_set
mosquitto_lib_init

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_initterm_e
_initterm
terminate
_execute_onexit_table
_cexit
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

kernel32

IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

??0mosquittopp@mosqpp@@QEAA@AEBV01@@Z
??0mosquittopp@mosqpp@@QEAA@PEBD_N@Z
??1mosquittopp@mosqpp@@UEAA@XZ
??4mosquittopp@mosqpp@@QEAAAEAV01@AEBV01@@Z
??_7mosquittopp@mosqpp@@6B@
??_Fmosquittopp@mosqpp@@QEAAXXZ
?connack_string@mosqpp@@YAPEBDH@Z
?connect@mosquittopp@mosqpp@@QEAAHPEBDHH0@Z
?connect@mosquittopp@mosqpp@@QEAAHPEBDHH@Z
?connect_async@mosquittopp@mosqpp@@QEAAHPEBDHH0@Z
?connect_async@mosquittopp@mosqpp@@QEAAHPEBDHH@Z
?disconnect@mosquittopp@mosqpp@@QEAAHXZ
?lib_cleanup@mosqpp@@YAHXZ
?lib_init@mosqpp@@YAHXZ
?lib_version@mosqpp@@YAHPEAH00@Z
?loop@mosquittopp@mosqpp@@QEAAHHH@Z
?loop_forever@mosquittopp@mosqpp@@QEAAHHH@Z
?loop_misc@mosquittopp@mosqpp@@QEAAHXZ
?loop_read@mosquittopp@mosqpp@@QEAAHH@Z
?loop_start@mosquittopp@mosqpp@@QEAAHXZ
?loop_stop@mosquittopp@mosqpp@@QEAAH_N@Z
?loop_write@mosquittopp@mosqpp@@QEAAHH@Z
?max_inflight_messages_set@mosquittopp@mosqpp@@QEAAHI@Z
?message_retry_set@mosquittopp@mosqpp@@QEAAXI@Z
?on_connect@mosquittopp@mosqpp@@UEAAXH@Z
?on_connect_with_flags@mosquittopp@mosqpp@@UEAAXHH@Z
?on_disconnect@mosquittopp@mosqpp@@UEAAXH@Z
?on_error@mosquittopp@mosqpp@@UEAAXXZ
?on_log@mosquittopp@mosqpp@@UEAAXHPEBD@Z
?on_message@mosquittopp@mosqpp@@UEAAXPEBUmosquitto_message@@@Z
?on_publish@mosquittopp@mosqpp@@UEAAXH@Z
?on_subscribe@mosquittopp@mosqpp@@UEAAXHHPEBH@Z
?on_unsubscribe@mosquittopp@mosqpp@@UEAAXH@Z
?opts_set@mosquittopp@mosqpp@@QEAAHW4mosq_opt_t@@PEAX@Z
?publish@mosquittopp@mosqpp@@QEAAHPEAHPEBDHPEBXH_N@Z
?reconnect@mosquittopp@mosqpp@@QEAAHXZ
?reconnect_async@mosquittopp@mosqpp@@QEAAHXZ
?reconnect_delay_set@mosquittopp@mosqpp@@QEAAXII_N@Z
?reinitialise@mosquittopp@mosqpp@@QEAAHPEBD_N@Z
?socket@mosquittopp@mosqpp@@QEAAHXZ
?socks5_set@mosquittopp@mosqpp@@QEAAHPEBDH00@Z
?strerror@mosqpp@@YAPEBDH@Z
?sub_topic_tokenise@mosqpp@@YAHPEBDPEAPEAPEADPEAH@Z
?sub_topic_tokens_free@mosqpp@@YAHPEAPEAPEADH@Z
?subscribe@mosquittopp@mosqpp@@QEAAHPEAHPEBDH@Z
?subscribe_callback@mosqpp@@YAHP6AHPEAUmosquitto@@PEAXPEBUmosquitto_message@@@Z1PEBDH4H4H_N44PEBUlibmosquitto_will@@PEBUlibmosquitto_tls@@@Z
?subscribe_simple@mosqpp@@YAHPEAPEAUmosquitto_message@@H_NPEBDH2H2H122PEBUlibmosquitto_will@@PEBUlibmosquitto_tls@@@Z
?threaded_set@mosquittopp@mosqpp@@QEAAH_N@Z
?tls_insecure_set@mosquittopp@mosqpp@@QEAAH_N@Z
?tls_opts_set@mosquittopp@mosqpp@@QEAAHHPEBD0@Z
?tls_psk_set@mosquittopp@mosqpp@@QEAAHPEBD00@Z
?tls_set@mosquittopp@mosqpp@@QEAAHPEBD000P6AHPEADHHPEAX@Z@Z
?topic_matches_sub@mosqpp@@YAHPEBD0PEA_N@Z
?unsubscribe@mosquittopp@mosqpp@@QEAAHPEAHPEBD@Z
?user_data_set@mosquittopp@mosqpp@@QEAAXPEAX@Z
?username_pw_set@mosquittopp@mosqpp@@QEAAHPEBD0@Z
?validate_utf8@mosqpp@@YAHPEBDH@Z
?want_write@mosquittopp@mosqpp@@QEAA_NXZ
?will_clear@mosquittopp@mosqpp@@QEAAHXZ
?will_set@mosquittopp@mosqpp@@QEAAHPEBDHPEBXH_N@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwfile.example
readme-windows.txt
readme.md

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 19KB - Virtual size: 18KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 620B

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 19KB - Virtual size: 18KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 24B