xmrig | SheetRat v2[.]6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SheetRat v2.6.zip
Size

13.9MB
MD5

9621f795789fb2aa71d5053c28e6e3ba
SHA1

9d67d970d3ed39e82697010c693564a5eafb2dfd
SHA256

c07ba7f9cdc382bef10786321d80f1636a59158466d2fc0c25f2489801f7201e
SHA512

6874d189bc9d05881af4fcbfe1d5b904fe8da880bf0e22568d620f4cd02edf83c7c51ca1fe80d434ebe4a6888261ff3e5ff2cb1686205d5cde8e7b42a535b430
SSDEEP

393216:PwlnqyZkce7GLrgHwEcd1Jtu9VkhpsplF12hcKXfF3ZXHv:4lnqOkce7G3ffLJtpU12mOHv

Score

10^/10

pyinstaller miner xmrig

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/sheet rat v2.6/Plugins/SystemDisable.dll	disable_win_def

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
static1/unpack001/sheet rat v2.6/Stub/xmrminer.exe	xmrig
static1/unpack001/sheet rat v2.6/Stub/xmrminer.exe	family_xmrig

Xmrig family
xmrig

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/sheet rat v2.6/Stub/sigthief.exe	pyinstaller

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sheet rat v2.6/Confused/Server.exe
unpack001/sheet rat v2.6/GMap.NET.WindowsForms.dll
unpack001/sheet rat v2.6/IconExtractor.dll
unpack001/sheet rat v2.6/Ionic.Zip.dll
unpack001/sheet rat v2.6/MetroFramework.Fonts.dll
unpack001/sheet rat v2.6/MetroFramework.dll
unpack001/sheet rat v2.6/NAudio.dll
unpack001/sheet rat v2.6/Plugins/AutoRun.dll
unpack001/sheet rat v2.6/Plugins/Chat.dll
unpack001/sheet rat v2.6/Plugins/Clipboard.dll
unpack001/sheet rat v2.6/Plugins/Images.dll
unpack001/sheet rat v2.6/Plugins/Keylogger.dll
unpack001/sheet rat v2.6/Plugins/Map.dll
unpack001/sheet rat v2.6/Plugins/Message.dll
unpack001/sheet rat v2.6/Plugins/MinerEtc.dll
unpack001/sheet rat v2.6/Plugins/MinerXmr.dll
unpack001/sheet rat v2.6/Plugins/Netstat.dll
unpack001/sheet rat v2.6/Plugins/ReverseProxy.dll
unpack001/sheet rat v2.6/Plugins/SendFile.dll
unpack001/sheet rat v2.6/Plugins/Service.dll
unpack001/sheet rat v2.6/Plugins/Shell.dll
unpack001/sheet rat v2.6/Plugins/SpeakBot.dll
unpack001/sheet rat v2.6/Plugins/System.dll
unpack001/sheet rat v2.6/Plugins/SystemDisable.dll
unpack001/sheet rat v2.6/Plugins/TaskMgr.dll
unpack001/sheet rat v2.6/Plugins/Uac.dll
unpack001/sheet rat v2.6/Server.exe
unpack001/sheet rat v2.6/Stub/Client.exe
unpack001/sheet rat v2.6/Stub/ethminer.exe
unpack001/sheet rat v2.6/Stub/sigthief.exe
unpack001/sheet rat v2.6/Stub/xmrminer.exe
unpack001/sheet rat v2.6/protobuf-net.dll

Files

SheetRat v2.6.zip
.zip
sheet rat v2.6/ConfigBulid.json
sheet rat v2.6/Confused/Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

^XV%*hqh
Size: 974KB - Virtual size: 973KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
sheet rat v2.6/GMap.NET.WindowsForms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/IconExtractor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\HMJ\Desktop\IconExtractor-master\IconExtractor\obj\Release\IconExtractor.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Release\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Maps.json
sheet rat v2.6/MetroFramework.Fonts.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Development\Desktop\Github\winforms-modernui\MetroFramework.Fonts\obj\Release\MetroFramework.Fonts.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/MetroFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/NAudio.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-01-2021 00:00

Not After

14-01-2046 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-07-2021 00:00

Not After

14-07-2031 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13-08-2021 00:00

Not After

29-10-2024 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

Actual PE Digest

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/AutoRun.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\AutoRun\obj\Release\AutoRun.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Chat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Chat\obj\Release\Chat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Clipboard.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Clipboard\obj\Release\Clipboard.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Images.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Images\obj\Release\Images.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Keylogger.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Keylogger\obj\Release\Keylogger.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Map.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\ClassLibrary1\obj\Release\Map.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Message.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\MesssageBox\obj\Release\Message.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/MinerEtc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\MinerEtc\obj\Release\MinerEtc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/MinerXmr.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\MinerXmr\obj\Release\MinerXmr.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Netstat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Netstat\obj\Release\Netstat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/ReverseProxy.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\ReverseProxy\obj\Release\ReverseProxy.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/SendFile.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\SendFile\obj\Release\SendFile.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Service.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Service\obj\Release\Service.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Shell\obj\Release\Shell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/SpeakBot.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\SpeakBot\obj\Release\SpeakBot.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/System.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\System\obj\Release\System.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/SystemDisable.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\SystemDisable\obj\Release\SystemDisable.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/TaskMgr.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\TaskMgr\obj\Release\TaskMgr.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Plugins/Uac.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Plugins\Uac\obj\Release\Uac.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 802KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Server.exe.config
.xml
sheet rat v2.6/Stub/Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Malware\Desktop\hack tool\Backdoor\Sheet rat v 2.2\Src\Client\obj\Release\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Stub/ethminer.exe
.exe windows:6 windows x64 arch:x64

601d901af8200f541117a59e7736bfef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

opencl

clReleaseContext
clReleaseDevice
clCreateBuffer
clEnqueueNDRangeKernel
clBuildProgram
clReleaseProgram
clRetainDevice
clReleaseKernel
clCreateCommandQueue
clFinish
clEnqueueReadBuffer
clGetDeviceIDs
clRetainProgram
clCreateContext
clGetPlatformIDs
clGetPlatformInfo
clGetDeviceInfo
clReleaseMemObject
clGetProgramBuildInfo
clEnqueueWriteBuffer
clCreateKernel
clCreateProgramWithSource
clSetKernelArg
clReleaseCommandQueue
clCreateProgramWithBinary

kernel32

SetLastError
EnterCriticalSection
GetStdHandle
SetConsoleMode
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
GetConsoleMode
FormatMessageW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
SetConsoleOutputCP
GetSystemTimeAsFileTime
TlsFree
GetComputerNameExA
FormatMessageA
CreateEventA
CreateIoCompletionPort
AreFileApisANSI
TerminateProcess
GetModuleFileNameW
MultiByteToWideChar
GetCurrentProcess
ReleaseSemaphore
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceFrequency
CreateSemaphoreA
QueryPerformanceCounter
Process32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
SetThreadExecutionState
GetTickCount
GetComputerNameA
GetModuleHandleA
Sleep
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetLogicalProcessorInformation
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
GetModuleHandleW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
FindClose
FindFirstFileW
FindNextFileW
LoadLibraryExA
VerifyVersionInfoA
HeapCreate
HeapDestroy
HeapReAlloc
InitializeCriticalSection
TryEnterCriticalSection
SwitchToThread
GetCurrentThread
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibraryAndExitThread
RtlUnwind
GetProcessAffinityMask
SetThreadAffinityMask
LoadLibraryExW
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
ReadConsoleA
ReadConsoleW
PeekNamedPipe
GetDriveTypeW
ExitThread
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
TlsSetValue
SetWaitableTimer
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
ExitProcess
SetStdHandle
ReadFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetEnvironmentVariableW
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
GetExitCodeThread
RaiseException
RtlPcToFileHeader
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetLastInputInfo

advapi32

CryptExportKey
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
GetUserNameA
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey

ws2_32

socket
freeaddrinfo
WSACleanup
WSAStartup
getnameinfo
ioctlsocket
getsockopt
recv
connect
WSAGetLastError
send
ntohs
getpeername
getaddrinfo
inet_pton
WSASocketW
shutdown
select
closesocket
__WSAFDIsSet
WSAStringToAddressW
WSASetLastError
ntohl
htons
htonl
WSARecv
WSAAddressToStringW
getsockname
listen
WSASend
WSAIoctl
bind
accept
setsockopt

crypt32

CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

??0CharReader@Json@@QEAA@AEBV01@@Z
??0CharReader@Json@@QEAA@XZ
??0CharReaderBuilder@Json@@QEAA@AEBV01@@Z
??0CharReaderBuilder@Json@@QEAA@XZ
??0Exception@Json@@QEAA@AEBV01@@Z
??0Exception@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Factory@CharReader@Json@@QEAA@AEBV012@@Z
??0Factory@CharReader@Json@@QEAA@XZ
??0Factory@StreamWriter@Json@@QEAA@AEBV012@@Z
??0Factory@StreamWriter@Json@@QEAA@XZ
??0FastWriter@Json@@QEAA@AEBV01@@Z
??0FastWriter@Json@@QEAA@XZ
??0Features@Json@@QEAA@XZ
??0LogicError@Json@@QEAA@$$QEAV01@@Z
??0LogicError@Json@@QEAA@AEBV01@@Z
??0LogicError@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Path@Json@@QEAA@$$QEAV01@@Z
??0Path@Json@@QEAA@AEBV01@@Z
??0Path@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVPathArgument@1@1111@Z
??0PathArgument@Json@@QEAA@$$QEAV01@@Z
??0PathArgument@Json@@QEAA@AEBV01@@Z
??0PathArgument@Json@@QEAA@I@Z
??0PathArgument@Json@@QEAA@PEBD@Z
??0PathArgument@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0PathArgument@Json@@QEAA@XZ
??0Reader@Json@@QEAA@$$QEAV01@@Z
??0Reader@Json@@QEAA@AEBV01@@Z
??0Reader@Json@@QEAA@AEBVFeatures@1@@Z
??0Reader@Json@@QEAA@XZ
??0RuntimeError@Json@@QEAA@$$QEAV01@@Z
??0RuntimeError@Json@@QEAA@AEBV01@@Z
??0RuntimeError@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StaticString@Json@@QEAA@PEBD@Z
??0StreamWriter@Json@@QEAA@AEBV01@@Z
??0StreamWriter@Json@@QEAA@XZ
??0StreamWriterBuilder@Json@@QEAA@AEBV01@@Z
??0StreamWriterBuilder@Json@@QEAA@XZ
??0StyledStreamWriter@Json@@QEAA@AEBV01@@Z
??0StyledStreamWriter@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StyledWriter@Json@@QEAA@AEBV01@@Z
??0StyledWriter@Json@@QEAA@XZ
??0Value@Json@@QEAA@$$QEAV01@@Z
??0Value@Json@@QEAA@AEBV01@@Z
??0Value@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QEAA@AEBVStaticString@1@@Z
??0Value@Json@@QEAA@H@Z
??0Value@Json@@QEAA@I@Z
??0Value@Json@@QEAA@N@Z
??0Value@Json@@QEAA@PEBD0@Z
??0Value@Json@@QEAA@PEBD@Z
??0Value@Json@@QEAA@W4ValueType@1@@Z
??0Value@Json@@QEAA@_J@Z
??0Value@Json@@QEAA@_K@Z
??0Value@Json@@QEAA@_N@Z
??0ValueConstIterator@Json@@AEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueConstIterator@Json@@QEAA@AEBVValueIterator@1@@Z
??0ValueConstIterator@Json@@QEAA@XZ
??0ValueIterator@Json@@AEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIterator@Json@@QEAA@AEBV01@@Z
??0ValueIterator@Json@@QEAA@AEBVValueConstIterator@1@@Z
??0ValueIterator@Json@@QEAA@XZ
??0ValueIteratorBase@Json@@QEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIteratorBase@Json@@QEAA@XZ
??0Writer@Json@@QEAA@AEBV01@@Z
??0Writer@Json@@QEAA@XZ
??1CharReader@Json@@UEAA@XZ
??1CharReaderBuilder@Json@@UEAA@XZ
??1Exception@Json@@UEAA@XZ
??1Factory@CharReader@Json@@UEAA@XZ
??1Factory@StreamWriter@Json@@UEAA@XZ
??1FastWriter@Json@@UEAA@XZ
??1LogicError@Json@@UEAA@XZ
??1Path@Json@@QEAA@XZ
??1PathArgument@Json@@QEAA@XZ
??1Reader@Json@@QEAA@XZ
??1RuntimeError@Json@@UEAA@XZ
??1StreamWriter@Json@@UEAA@XZ
??1StreamWriterBuilder@Json@@UEAA@XZ
??1StyledStreamWriter@Json@@QEAA@XZ
??1StyledWriter@Json@@UEAA@XZ
??1Value@Json@@QEAA@XZ
??1Writer@Json@@UEAA@XZ
??4CharReader@Json@@QEAAAEAV01@AEBV01@@Z
??4CharReaderBuilder@Json@@QEAAAEAV01@AEBV01@@Z
??4Exception@Json@@QEAAAEAV01@AEBV01@@Z
??4Factory@CharReader@Json@@QEAAAEAV012@AEBV012@@Z
??4Factory@StreamWriter@Json@@QEAAAEAV012@AEBV012@@Z
??4FastWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4Features@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Features@Json@@QEAAAEAV01@AEBV01@@Z
??4LogicError@Json@@QEAAAEAV01@$$QEAV01@@Z
??4LogicError@Json@@QEAAAEAV01@AEBV01@@Z
??4Path@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Path@Json@@QEAAAEAV01@AEBV01@@Z
??4PathArgument@Json@@QEAAAEAV01@$$QEAV01@@Z
??4PathArgument@Json@@QEAAAEAV01@AEBV01@@Z
??4Reader@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Reader@Json@@QEAAAEAV01@AEBV01@@Z
??4RuntimeError@Json@@QEAAAEAV01@$$QEAV01@@Z
??4RuntimeError@Json@@QEAAAEAV01@AEBV01@@Z
??4StaticString@Json@@QEAAAEAV01@$$QEAV01@@Z
??4StaticString@Json@@QEAAAEAV01@AEBV01@@Z
??4StreamWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4StreamWriterBuilder@Json@@QEAAAEAV01@AEBV01@@Z
??4StyledStreamWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4StyledWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4Value@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Value@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@$$QEAV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@AEBVValueIteratorBase@1@@Z
??4ValueIterator@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueIteratorBase@Json@@QEAAAEAV01@$$QEAV01@@Z
??4ValueIteratorBase@Json@@QEAAAEAV01@AEBV01@@Z
??4Writer@Json@@QEAAAEAV01@AEBV01@@Z
??5Json@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAV12@AEAVValue@0@@Z
??6Json@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AEAV12@AEBVValue@0@@Z
??8Value@Json@@QEBA_NAEBV01@@Z
??8ValueIteratorBase@Json@@QEBA_NAEBV01@@Z
??9Value@Json@@QEBA_NAEBV01@@Z
??9ValueIteratorBase@Json@@QEBA_NAEBV01@@Z
??ACharReaderBuilder@Json@@QEAAAEAVValue@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AStreamWriterBuilder@Json@@QEAAAEAVValue@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEAAAEAV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEAAAEAV01@AEBVStaticString@1@@Z
??AValue@Json@@QEAAAEAV01@H@Z
??AValue@Json@@QEAAAEAV01@I@Z
??AValue@Json@@QEAAAEAV01@PEBD@Z
??AValue@Json@@QEBAAEBV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEBAAEBV01@H@Z
??AValue@Json@@QEBAAEBV01@I@Z
??AValue@Json@@QEBAAEBV01@PEBD@Z
??BStaticString@Json@@QEBAPEBDXZ
??BValue@Json@@QEBA_NXZ
??CValueConstIterator@Json@@QEBAPEBVValue@1@XZ
??CValueIterator@Json@@QEAAPEAVValue@1@XZ
??DValueConstIterator@Json@@QEBAAEBVValue@1@XZ
??DValueIterator@Json@@QEAAAEAVValue@1@XZ
??EValueConstIterator@Json@@QEAA?AV01@H@Z
??EValueConstIterator@Json@@QEAAAEAV01@XZ
??EValueIterator@Json@@QEAA?AV01@H@Z
??EValueIterator@Json@@QEAAAEAV01@XZ
??FValueConstIterator@Json@@QEAA?AV01@H@Z
??FValueConstIterator@Json@@QEAAAEAV01@XZ
??FValueIterator@Json@@QEAA?AV01@H@Z
??FValueIterator@Json@@QEAAAEAV01@XZ
??GValueIteratorBase@Json@@QEBAHAEBV01@@Z
??MValue@Json@@QEBA_NAEBV01@@Z
??NValue@Json@@QEBA_NAEBV01@@Z
??OValue@Json@@QEBA_NAEBV01@@Z
??PValue@Json@@QEBA_NAEBV01@@Z
??_7CharReader@Json@@6B@
??_7CharReaderBuilder@Json@@6B@
??_7Exception@Json@@6B@
??_7Factory@CharReader@Json@@6B@
??_7Factory@StreamWriter@Json@@6B@
??_7FastWriter@Json@@6B@
??_7LogicError@Json@@6B@
??_7RuntimeError@Json@@6B@
??_7StreamWriter@Json@@6B@
??_7StreamWriterBuilder@Json@@6B@
??_7StyledWriter@Json@@6B@
??_7Writer@Json@@6B@
??_FStyledStreamWriter@Json@@QEAAXXZ
??_FValue@Json@@QEAAXXZ
?addComment@Reader@Json@@AEAAXPEBD0W4CommentPlacement@2@@Z
?addError@Reader@Json@@AEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVToken@12@PEBD@Z
?addErrorAndRecover@Reader@Json@@AEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVToken@12@W4TokenType@12@@Z
?addPathInArg@Path@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@PEBVPathArgument@Json@@V?$allocator@PEBVPathArgument@Json@@@std@@@4@AEAV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PEBVPathArgument@Json@@@std@@@std@@@4@W4Kind@PathArgument@2@@Z
?all@Features@Json@@SA?AV12@XZ
?append@Value@Json@@QEAAAEAV12@$$QEAV12@@Z
?append@Value@Json@@QEAAAEAV12@AEBV12@@Z
?asBool@Value@Json@@QEBA_NXZ
?asCString@Value@Json@@QEBAPEBDXZ
?asDouble@Value@Json@@QEBANXZ
?asFloat@Value@Json@@QEBAMXZ
?asInt64@Value@Json@@QEBA_JXZ
?asInt@Value@Json@@QEBAHXZ
?asLargestInt@Value@Json@@QEBA_JXZ
?asLargestUInt@Value@Json@@QEBA_KXZ
?asString@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asUInt64@Value@Json@@QEBA_KXZ
?asUInt@Value@Json@@QEBAIXZ
?begin@Value@Json@@QEAA?AVValueIterator@2@XZ
?begin@Value@Json@@QEBA?AVValueConstIterator@2@XZ
?c_str@StaticString@Json@@QEBAPEBDXZ
?clear@Value@Json@@QEAAXXZ
?compare@Value@Json@@QEBAHAEBV12@@Z
?computeDistance@ValueIteratorBase@Json@@IEBAHAEBV12@@Z
?containsNewLine@Reader@Json@@CA_NPEBD0@Z
?copy@Value@Json@@QEAAXAEBV12@@Z
?copy@ValueIteratorBase@Json@@IEAAXAEBV12@@Z
?copyPayload@Value@Json@@QEAAXAEBV12@@Z
?currentValue@Reader@Json@@AEAAAEAVValue@2@XZ
?decodeDouble@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeDouble@Reader@Json@@AEAA_NAEAVToken@12@AEAVValue@2@@Z
?decodeNumber@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeNumber@Reader@Json@@AEAA_NAEAVToken@12@AEAVValue@2@@Z
?decodeString@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeString@Reader@Json@@AEAA_NAEAVToken@12@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?decodeUnicodeCodePoint@Reader@Json@@AEAA_NAEAVToken@12@AEAPEBDPEBDAEAI@Z
?decodeUnicodeEscapeSequence@Reader@Json@@AEAA_NAEAVToken@12@AEAPEBDPEBDAEAI@Z
?decrement@ValueIteratorBase@Json@@IEAAXXZ
?defaultRealPrecision@Value@Json@@2IB
?demand@Value@Json@@QEAAPEAV12@PEBD0@Z
?deref@ValueIteratorBase@Json@@IEAAAEAVValue@2@XZ
?deref@ValueIteratorBase@Json@@IEBAAEBVValue@2@XZ
?dropNullPlaceholders@FastWriter@Json@@QEAAXXZ
?dupMeta@Value@Json@@AEAAXAEBV12@@Z
?dupPayload@Value@Json@@AEAAXAEBV12@@Z
?empty@Value@Json@@QEBA_NXZ
?enableYAMLCompatibility@FastWriter@Json@@QEAAXXZ
?end@Value@Json@@QEAA?AVValueIterator@2@XZ
?end@Value@Json@@QEBA?AVValueConstIterator@2@XZ
?find@Value@Json@@QEBAPEBV12@PEBD0@Z
?get@Value@Json@@QEBA?AV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@@Z
?get@Value@Json@@QEBA?AV12@IAEBV12@@Z
?get@Value@Json@@QEBA?AV12@PEBD0AEBV12@@Z
?get@Value@Json@@QEBA?AV12@PEBDAEBV12@@Z
?getComment@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?getFormatedErrorMessages@Reader@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFormattedErrorMessages@Reader@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getLocationLineAndColumn@Reader@Json@@AEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?getLocationLineAndColumn@Reader@Json@@AEBAXPEBDAEAH1@Z
?getMemberNames@Value@Json@@QEBA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getNextChar@Reader@Json@@AEAADXZ
?getOffsetLimit@Value@Json@@QEBA_JXZ
?getOffsetStart@Value@Json@@QEBA_JXZ
?getString@Value@Json@@QEBA_NPEAPEBD0@Z
?getStructuredErrors@Reader@Json@@QEBA?AV?$vector@UStructuredError@Reader@Json@@V?$allocator@UStructuredError@Reader@Json@@@std@@@std@@XZ
?good@Reader@Json@@QEBA_NXZ
?hasComment@Value@Json@@QEBA_NW4CommentPlacement@2@@Z
?hasCommentForValue@StyledStreamWriter@Json@@CA_NAEBVValue@2@@Z
?hasCommentForValue@StyledWriter@Json@@CA_NAEBVValue@2@@Z
?increment@ValueIteratorBase@Json@@IEAAXXZ
?indent@StyledStreamWriter@Json@@AEAAXXZ
?indent@StyledWriter@Json@@AEAAXXZ
?index@ValueIteratorBase@Json@@QEBAIXZ
?initBasic@Value@Json@@AEAAXW4ValueType@2@_N@Z
?insert@Value@Json@@QEAA_NI$$QEAV12@@Z
?insert@Value@Json@@QEAA_NIAEBV12@@Z
?invalidPath@Path@Json@@CAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isAllocated@Value@Json@@AEBA_NXZ
?isArray@Value@Json@@QEBA_NXZ
?isBool@Value@Json@@QEBA_NXZ
?isConvertibleTo@Value@Json@@QEBA_NW4ValueType@2@@Z
?isDouble@Value@Json@@QEBA_NXZ
?isEqual@ValueIteratorBase@Json@@IEBA_NAEBV12@@Z
?isInt64@Value@Json@@QEBA_NXZ
?isInt@Value@Json@@QEBA_NXZ
?isIntegral@Value@Json@@QEBA_NXZ
?isMember@Value@Json@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isMember@Value@Json@@QEBA_NPEBD0@Z
?isMember@Value@Json@@QEBA_NPEBD@Z
?isMultilineArray@StyledStreamWriter@Json@@AEAA_NAEBVValue@2@@Z
?isMultilineArray@StyledWriter@Json@@AEAA_NAEBVValue@2@@Z
?isNull@Value@Json@@QEBA_NXZ
?isNumeric@Value@Json@@QEBA_NXZ
?isObject@Value@Json@@QEBA_NXZ
?isString@Value@Json@@QEBA_NXZ
?isUInt64@Value@Json@@QEBA_NXZ
?isUInt@Value@Json@@QEBA_NXZ
?isValidIndex@Value@Json@@QEBA_NI@Z
?key@ValueIteratorBase@Json@@QEBA?AVValue@2@XZ
?make@Path@Json@@QEBAAEAVValue@2@AEAV32@@Z
?makePath@Path@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@PEBVPathArgument@Json@@V?$allocator@PEBVPathArgument@Json@@@std@@@4@@Z
?match@Reader@Json@@AEAA_NPEBDH@Z
?maxInt64@Value@Json@@2_JB
?maxInt@Value@Json@@2HB
?maxLargestInt@Value@Json@@2_JB
?maxLargestUInt@Value@Json@@2_KB
?maxUInt64@Value@Json@@2_KB
?maxUInt64AsDouble@Value@Json@@2NB
?maxUInt@Value@Json@@2IB
?memberName@ValueIteratorBase@Json@@QEBAPEBDPEAPEBD@Z
?memberName@ValueIteratorBase@Json@@QEBAPEBDXZ
?minInt64@Value@Json@@2_JB
?minInt@Value@Json@@2HB
?minLargestInt@Value@Json@@2_JB
?name@ValueIteratorBase@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?newCharReader@CharReaderBuilder@Json@@UEBAPEAVCharReader@2@XZ
?newStreamWriter@StreamWriterBuilder@Json@@UEBAPEAVStreamWriter@2@XZ
?normalizeEOL@Reader@Json@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD0@Z
?null@Value@Json@@2AEBV12@EB
?nullRef@Value@Json@@2AEBV12@EB
?nullSingleton@Value@Json@@SAAEBV12@XZ
?omitEndingLineFeed@FastWriter@Json@@QEAAXXZ
?parse@Reader@Json@@QEAA_NAEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAVValue@2@_N@Z
?parse@Reader@Json@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVValue@2@_N@Z
?parse@Reader@Json@@QEAA_NPEBD0AEAVValue@2@_N@Z
?parseFromStream@Json@@YA_NAEBVFactory@CharReader@1@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@PEAVValue@1@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?pushError@Reader@Json@@QEAA_NAEBVValue@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?pushError@Reader@Json@@QEAA_NAEBVValue@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledStreamWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readArray@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readCStyleComment@Reader@Json@@AEAA_NXZ
?readComment@Reader@Json@@AEAA_NXZ
?readCppStyleComment@Reader@Json@@AEAA_NXZ
?readNumber@Reader@Json@@AEAAXXZ
?readObject@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readString@Reader@Json@@AEAA_NXZ
?readToken@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readValue@Reader@Json@@AEAA_NXZ
?recoverFromError@Reader@Json@@AEAA_NW4TokenType@12@@Z
?releasePayload@Value@Json@@AEAAXXZ
?removeIndex@Value@Json@@QEAA_NIPEAV12@@Z
?removeMember@Value@Json@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?removeMember@Value@Json@@QEAAXPEBD@Z
?removeMember@Value@Json@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV12@@Z
?removeMember@Value@Json@@QEAA_NPEBD0PEAV12@@Z
?removeMember@Value@Json@@QEAA_NPEBDPEAV12@@Z
?resize@Value@Json@@QEAAXI@Z
?resolve@Path@Json@@QEBA?AVValue@2@AEBV32@0@Z
?resolve@Path@Json@@QEBAAEBVValue@2@AEBV32@@Z
?resolveReference@Value@Json@@AEAAAEAV12@PEBD0@Z
?resolveReference@Value@Json@@AEAAAEAV12@PEBD@Z
?setComment@Value@Json@@QEAAXPEBDW4CommentPlacement@2@@Z
?setComment@Value@Json@@QEAAXPEBD_KW4CommentPlacement@2@@Z
?setComment@Value@Json@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?setDefaults@CharReaderBuilder@Json@@SAXPEAVValue@2@@Z
?setDefaults@StreamWriterBuilder@Json@@SAXPEAVValue@2@@Z
?setIsAllocated@Value@Json@@AEAAX_N@Z
?setOffsetLimit@Value@Json@@QEAAX_J@Z
?setOffsetStart@Value@Json@@QEAAX_J@Z
?setType@Value@Json@@AEAAXW4ValueType@2@@Z
?size@Value@Json@@QEBAIXZ
?skipCommentTokens@Reader@Json@@AEAAXAEAVToken@12@@Z
?skipSpaces@Reader@Json@@AEAAXXZ
?strictMode@CharReaderBuilder@Json@@SAXPEAVValue@2@@Z
?strictMode@Features@Json@@SA?AV12@XZ
?swap@Value@Json@@QEAAXAEAV12@@Z
?swapPayload@Value@Json@@QEAAXAEAV12@@Z
?toStyledString@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type@Value@Json@@QEBA?AW4ValueType@2@XZ
?unindent@StyledStreamWriter@Json@@AEAAXXZ
?unindent@StyledWriter@Json@@AEAAXXZ
?validate@CharReaderBuilder@Json@@QEBA_NPEAVValue@2@@Z
?validate@StreamWriterBuilder@Json@@QEBA_NPEAVValue@2@@Z
?valueToQuotedString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NIW4PrecisionType@1@@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?what@Exception@Json@@UEBAPEBDXZ
?write@FastWriter@Json@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@2@@Z
?write@StyledStreamWriter@Json@@QEAAXAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AEBVValue@2@@Z
?write@StyledWriter@Json@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@2@@Z
?writeArrayValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeArrayValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentBeforeValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentBeforeValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeIndent@StyledStreamWriter@Json@@AEAAXXZ
?writeIndent@StyledWriter@Json@@AEAAXXZ
?writeString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVFactory@StreamWriter@1@AEBVValue@1@@Z
?writeValue@FastWriter@Json@@AEAAXAEBVValue@2@@Z
?writeValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeWithIndent@StyledStreamWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeWithIndent@StyledWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
NvOptimusEnablementCuda

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 989KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nv_fatb
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Stub/sigthief.exe
.exe windows:5 windows x64 arch:x64

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
SetEndOfFile

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sigthief.pyc
sheet rat v2.6/Stub/xmrminer.exe
.exe windows:6 windows x64 arch:x64

14ec8f3f7eee2e31d6dc574514386b4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htonl
htons
ntohs
WSARecvFrom
WSASend
WSARecv
WSAIoctl
WSADuplicateSocketW
FreeAddrInfoW
GetAddrInfoW
gethostname
listen
bind
getsockname
WSASetLastError
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW
inet_pton
getaddrinfo
WSAStartup
getpeername
send
socket
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError

psapi

GetProcessMemoryInfo

iphlpapi

GetAdaptersAddresses

userenv

GetUserProfileDirectoryW

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertDuplicateCertificateContext

kernel32

GetStdHandle
SetConsoleMode
GetConsoleMode
GetComputerNameW
SizeofResource
LockResource
LoadResource
FindResourceW
ExpandEnvironmentStringsA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
SetThreadExecutionState
GetSystemFirmwareTable
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetSystemPowerStatus
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetTickCount
FreeConsole
GetConsoleWindow
VirtualProtect
VirtualFree
VirtualAlloc
GetLargePageMinimum
LocalAlloc
GetLastError
LocalFree
FlushInstructionCache
GetCurrentThreadId
AddVectoredExceptionHandler
DeviceIoControl
GetModuleFileNameW
CreateFileW
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
PostQueuedCompletionStatus
CreateFileA
DuplicateHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
QueueUserWorkItem
RegisterWaitForSingleObject
UnregisterWait
GetNumberOfConsoleInputEvents
ReadConsoleInputW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleTitleA
WriteConsoleW
WriteConsoleInputW
CreateDirectoryW
FlushFileBuffers
GetDiskFreeSpaceW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFinalPathNameByHandleW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetFilePointerEx
SetFileTime
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeCriticalSection
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
CreateIoCompletionPort
ReadDirectoryChangesW
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTempPathW
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetVersionExW
VerifyVersionInfoA
FileTimeToSystemTime
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
LoadLibraryExW
FormatMessageA
SetErrorMode
GetQueuedCompletionStatus
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
SwitchToThread
GetExitCodeProcess
UnregisterWaitEx
LCMapStringW
DebugBreak
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
ReleaseSemaphore
ResumeThread
GetNativeSystemInfo
CreateSemaphoreA
GetModuleHandleA
GetStartupInfoW
GetModuleFileNameA
GetVersionExA
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
GetComputerNameA
CreateTimerQueue
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
CompareStringW
CreateEventW
GetCPInfo
DecodePointer
SignalObjectAndWait
SetConsoleTextAttribute
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetThreadTimes
FreeLibraryAndExitThread
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
SetStdHandle
GetCommandLineA
GetCommandLineW
ExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitProcess
GetFileAttributesExW
SetFileAttributesW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetTimeZoneInformation
HeapSize
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCursorPosition
VerSetConditionMask
EncodePointer
RaiseException
WaitForSingleObjectEx
GetExitCodeThread
RtlPcToFileHeader

user32

GetSystemMetrics
MapVirtualKeyW
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow
GetLastInputInfo

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW

advapi32

SystemFunction036
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigA
DeleteService
ControlService
StartServiceW
OpenServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptImportKey
GetUserNameW

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_SHA3_25
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/System.Collections.Immutable.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:35:16:55:df:62:5e:90:93:72:fe:bd:fe:ac:db:f2:1e:96:b4:4d:30:e1:68:45:9c:04:3b:aa:ba:f4:42:36
Signer

Actual PE Digest

33:35:16:55:df:62:5e:90:93:72:fe:bd:fe:ac:db:f2:1e:96:b4:4d:30:e1:68:45:9c:04:3b:aa:ba:f4:42:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheet rat v2.6/Themes.json
sheet rat v2.6/protobuf-net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

protobuf-net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

^XV%*hqh Size: 974KB - Virtual size: 973KB

.text Size: 904KB - Virtual size: 904KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 144KB - Virtual size: 144KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 940B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 449KB - Virtual size: 448KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 654KB - Virtual size: 653KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 342KB - Virtual size: 342KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 462KB - Virtual size: 461KB

.rsrc Size: 1024B - Virtual size: 952B

^XV%*hqh
Size: 974KB - Virtual size: 973KB

.text
Size: 904KB - Virtual size: 904KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 144KB - Virtual size: 144KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 940B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 449KB - Virtual size: 448KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 654KB - Virtual size: 653KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 342KB - Virtual size: 342KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 462KB - Virtual size: 461KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

.text
Size: 681KB - Virtual size: 680KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B