C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Pw Stealer by Killer110.rar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Pw Stealer by Killer110.rar
Resource
win10v2004-20240802-en
General
-
Target
Pw Stealer by Killer110.rar
-
Size
3.2MB
-
MD5
4c5c1b71026fe3d198afd9782f7e93bb
-
SHA1
92008792e64f3de181897b32adca0d6da8889b8a
-
SHA256
244932866c0664a296122bc1c8d3de4f4113c7286b69d37f7924dafc34101734
-
SHA512
2766cf4a4d942843d95eb188c224dd19439d0011191e161e283507ffc49d57f25d23819cd6aa6ab2580ddbf9a7a99804017ade41f880e632df24de775d291d3a
-
SSDEEP
98304:TOEHZxkwyJMqVQjnxhRM1of3sCdxWHP2Q/DAD:55GJRVQjWw3JdxWHPp/cD
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/Pw Stealer by Killer110.exe
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/bcastdvr.proxy.dll
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/Ionic.Zip.dll
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/Launcher.exe
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/bcastdvr.proxy.dll
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/pwk.exe
unpack001/Pw Stealer by Killer110/Pw Stealer by Killer110/xpt_link.exe
Files
-
Pw Stealer by Killer110.rar .rar
-
Pw Stealer by Killer110/Pw Stealer by Killer110/Pw Stealer by Killer110.exe .exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/aepic.dll .dll windows:10 windows x64 arch:x64
2b5a38d4fa8fb52bf13456eb07f516b0
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:24
Not After
02/05/2020, 21:24
Subject
CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
19/10/2011, 18:41
Not After
19/10/2026, 18:51
Subject
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Signer
Actual PE Digest
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcrt
_CxxThrowException
strnlen
?what@exception@@UEBAPEBDXZ
_wcsicmp
___lc_codepage_func
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
___mb_cur_max_func
??1type_info@@UEAA@XZ
memset
abort
__crtCompareStringW
memmove_s
_vsnprintf_s
strncmp
towlower
___lc_collate_cp_func
memcmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
calloc
??1exception@@UEAA@XZ
memcpy_s
malloc
??0exception@@QEAA@AEBQEBD@Z
_purecall
memmove
___lc_handle_func
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
memcpy
setlocale
wcstombs
_vsnwprintf
??0bad_cast@@QEAA@PEBD@Z
__C_specific_handler
??1bad_cast@@UEAA@XZ
free
strtol
realloc
__CxxFrameHandler3
_errno
strncpy_s
??0bad_cast@@QEAA@AEBV0@@Z
_vsnwprintf_s
_vscwprintf
strchr
_set_errno
tolower
__pctype_func
iscntrl
_wsplitpath_s
_onexit
isspace
wcstoul
_wtoi64
sprintf_s
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcscmp
ntdll
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
WinSqmIsOptedInEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
EtwTraceMessage
rpcrt4
UuidCreate
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TlsAlloc
GetThreadPriority
SetThreadPriority
TlsGetValue
ResumeThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
CreateThread
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
EnterCriticalSection
InitializeCriticalSection
SetWaitableTimer
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
OpenWaitableTimerW
CreateEventW
CreateMutexW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeSRWLock
CreateEventExW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoGetCallContext
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoGetApartmentType
CoTaskMemFree
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
DuplicateTokenEx
SetSecurityDescriptorDacl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
SHGetThreadRef
SetProcessReference
GetProcessReference
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-string-l1-1-0
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetLongPathNameW
FindClose
FindNextFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
FindFirstFileW
GetTempFileNameW
WriteFile
CreateFileW
DeleteFileW
GetVolumeInformationByHandleW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
GetSystemFirmwareTable
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteTreeW
RegSaveKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegUnLoadKeyW
RegLoadAppKeyW
RegLoadKeyW
RegFlushKey
RegSetKeySecurity
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegOpenKeyW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW
bcrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
QueryActCtxW
CreateActCtxW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
VariantChangeType
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
UpdateSoftwareInventoryTC2
Sections
.text Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/bcastdvr.proxy.dll .dll regsvr32 windows:10 windows x86 arch:x86
1b05ea5f90a138982c4f04f953c32511
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
bcastdvr.proxy.pdb
Imports
msvcrt
_except_handler4_common
_initterm
malloc
_XcptFilter
_amsg_exit
free
memcmp
rpcrt4
CStdStubBuffer_Disconnect
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
CStdStubBuffer_CountRefs
NdrStubCall2
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserFree
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient3
ObjectStublessClient27
CStdStubBuffer2_CountRefs
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient11
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient14
ObjectStublessClient12
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
CStdStubBuffer2_Connect
ObjectStublessClient26
ObjectStublessClient24
ObjectStublessClient10
NdrProxyForwardingFunction3
ObjectStublessClient25
ObjectStublessClient22
ObjectStublessClient18
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient29
ObjectStublessClient17
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/Ionic.Zip.dll .dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/LICENCE.dat .zip
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/Launcher.exe .exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/aepic.dll .dll windows:10 windows x64 arch:x64
2b5a38d4fa8fb52bf13456eb07f516b0
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:24
Not After
02/05/2020, 21:24
Subject
CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
19/10/2011, 18:41
Not After
19/10/2026, 18:51
Subject
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Signer
Actual PE Digest
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcrt
_CxxThrowException
strnlen
?what@exception@@UEBAPEBDXZ
_wcsicmp
___lc_codepage_func
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
___mb_cur_max_func
??1type_info@@UEAA@XZ
memset
abort
__crtCompareStringW
memmove_s
_vsnprintf_s
strncmp
towlower
___lc_collate_cp_func
memcmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
calloc
??1exception@@UEAA@XZ
memcpy_s
malloc
??0exception@@QEAA@AEBQEBD@Z
_purecall
memmove
___lc_handle_func
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
memcpy
setlocale
wcstombs
_vsnwprintf
??0bad_cast@@QEAA@PEBD@Z
__C_specific_handler
??1bad_cast@@UEAA@XZ
free
strtol
realloc
__CxxFrameHandler3
_errno
strncpy_s
??0bad_cast@@QEAA@AEBV0@@Z
_vsnwprintf_s
_vscwprintf
strchr
_set_errno
tolower
__pctype_func
iscntrl
_wsplitpath_s
_onexit
isspace
wcstoul
_wtoi64
sprintf_s
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcscmp
ntdll
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
WinSqmIsOptedInEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
EtwTraceMessage
rpcrt4
UuidCreate
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TlsAlloc
GetThreadPriority
SetThreadPriority
TlsGetValue
ResumeThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
CreateThread
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
EnterCriticalSection
InitializeCriticalSection
SetWaitableTimer
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
OpenWaitableTimerW
CreateEventW
CreateMutexW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeSRWLock
CreateEventExW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoGetCallContext
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoGetApartmentType
CoTaskMemFree
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
DuplicateTokenEx
SetSecurityDescriptorDacl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
SHGetThreadRef
SetProcessReference
GetProcessReference
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-string-l1-1-0
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetLongPathNameW
FindClose
FindNextFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
FindFirstFileW
GetTempFileNameW
WriteFile
CreateFileW
DeleteFileW
GetVolumeInformationByHandleW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
GetSystemFirmwareTable
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteTreeW
RegSaveKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegUnLoadKeyW
RegLoadAppKeyW
RegLoadKeyW
RegFlushKey
RegSetKeySecurity
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegOpenKeyW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW
bcrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
QueryActCtxW
CreateActCtxW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
VariantChangeType
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
UpdateSoftwareInventoryTC2
Sections
.text Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/bcastdvr.proxy.dll .dll regsvr32 windows:10 windows x86 arch:x86
1b05ea5f90a138982c4f04f953c32511
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
bcastdvr.proxy.pdb
Imports
msvcrt
_except_handler4_common
_initterm
malloc
_XcptFilter
_amsg_exit
free
memcmp
rpcrt4
CStdStubBuffer_Disconnect
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
CStdStubBuffer_CountRefs
NdrStubCall2
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserFree
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient3
ObjectStublessClient27
CStdStubBuffer2_CountRefs
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient11
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient14
ObjectStublessClient12
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
CStdStubBuffer2_Connect
ObjectStublessClient26
ObjectStublessClient24
ObjectStublessClient10
NdrProxyForwardingFunction3
ObjectStublessClient25
ObjectStublessClient22
ObjectStublessClient18
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient29
ObjectStublessClient17
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpcshell/pwk.exe .exe windows:4 windows x86 arch:x86
c6eb411f28df655f09219f51534351da
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
CloseHandle
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
CompareStringW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
SuspendThread
GetShortPathNameA
user32
GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
SendMessageA
gdi32
DeleteDC
RealizePalette
SelectPalette
CreateDCA
CreatePalette
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap
Sections
.text Size: - Virtual size: 871KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text1 Size: 260KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 52KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 40KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 276KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Pw Stealer by Killer110/Pw Stealer by Killer110/xpt_link.exe .exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\builds\moz2_slave\rel-192-xr-w32-bld\build\obj-firefox\xpcom\typelib\xpt\tools\xpt_link.pdb
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.gda Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE