d1da7668491daf140626863d210dd217_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1da7668491daf140626863d210dd217_JaffaCakes118
Size

1.7MB
MD5

d1da7668491daf140626863d210dd217
SHA1

94795c9a48f8da96b9c81f6021f5ce6e15b279de
SHA256

7f22ab3ce4cc794ef442caa1535087505775854ee77e150d043ba367a272b53d
SHA512

584c8b13da8b42e66a0866b186b91ceb15550d5497967f8ec2c72cbb072431d2dc9de89323c90622294d8853c59620ee284524290ec8e3a6217dc02bf927037c
SSDEEP

49152:GssuAOe76X4fM9gT7UwU1Nh2m1fncLsjqEE8:su+hfTRU1Div8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SDFix/apps/ERDNT.E_E	upx
static1/unpack001/SDFix/apps/ERUNT.EXE	upx
static1/unpack001/SDFix/apps/RestartIt!.exe	upx
static1/unpack001/SDFix/apps/Swreg.exe	upx
static1/unpack001/SDFix/apps/swsc.exe	upx

Unsigned PE 36 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SDFix/apps/Cghtme.exe
unpack001/SDFix/apps/ERDNT.E_E
unpack001/SDFix/apps/ERUNT.EXE
unpack001/SDFix/apps/FixPath.exe
unpack001/SDFix/apps/LS.exe
unpack001/SDFix/apps/MD5File.exe
unpack001/SDFix/apps/Process.exe
unpack001/SDFix/apps/Replace/regedit.exe
unpack001/SDFix/apps/Replace/w2k/beep.sys
unpack001/SDFix/apps/Replace/w2k/null.sys
unpack001/SDFix/apps/Replace/xp/beep.sys
unpack001/SDFix/apps/Replace/xp/null.sys
unpack001/SDFix/apps/RestartIt!.exe
unpack004/out.upx
unpack001/SDFix/apps/SF.exe
unpack001/SDFix/apps/Swreg.exe
unpack001/SDFix/apps/UnRAR.exe
unpack001/SDFix/apps/WINMSG.EXE
unpack001/SDFix/apps/cliptext.exe
unpack001/SDFix/apps/download.exe
unpack001/SDFix/apps/dummy.sys
unpack001/SDFix/apps/grep.exe
unpack001/SDFix/apps/isadmin.exe
unpack001/SDFix/apps/moveex.exe
unpack001/SDFix/apps/procs.exe
unpack001/SDFix/apps/psservice.exe
unpack001/SDFix/apps/sc.exe
unpack001/SDFix/apps/sed.exe
unpack001/SDFix/apps/shutdown.exe
unpack001/SDFix/apps/swsc.exe
unpack006/out.upx
unpack001/SDFix/apps/unzip.exe
unpack001/SDFix/apps/vfind.exe
unpack001/SDFix/apps/zip.exe
unpack001/SDFix/catchme.exe
unpack001/SDFix/dummy.sys

Files

d1da7668491daf140626863d210dd217_JaffaCakes118
.rar
SDFix/Add_DBFix_RunOnce_key.inf
SDFix/DBFix.bat
.bat .vbs
SDFix/RunThis.bat
.bat .vbs
SDFix/SDFIX_ReadMe_Online.url
SDFix/W2K_VirusAlert_Repair.inf
SDFix/XP_VirusAlert_Repair.inf
SDFix/apps/Cghtme.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/DBFix.inf
SDFix/apps/ERDNT.E_E
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/ERDNTDOS.LOC
SDFix/apps/ERDNTWIN.LOC
SDFix/apps/ERUNT.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/ERUNT.LOC
SDFix/apps/Enable_Command_Prompt.inf
SDFix/apps/Enable_Command_Prompt.reg
SDFix/apps/FIXCU.reg
SDFix/apps/FIXLM.reg
SDFix/apps/FixBH.reg
SDFix/apps/FixBeep.reg
SDFix/apps/FixComponents.reg
SDFix/apps/FixPath.exe
.exe windows:4 windows x86 arch:x86

483eec71d218c83e55b1a91993fcb4fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleFileNameA
GetModuleHandleA
GlobalAlloc
GlobalLock
WriteFile
ReadFile
CloseHandle
SetFilePointer
CreateFileA
GetFileType
GetStartupInfoA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
GetVersionExA
ExitProcess

user32

MessageBoxA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/FixRedir.reg
SDFix/apps/FixSchedule.reg
SDFix/apps/FixWebCheck.reg
SDFix/apps/FixXPsp2.reg
SDFix/apps/HPFix.reg
SDFix/apps/HPFix2.reg
SDFix/apps/HPFix3.reg
SDFix/apps/HPFix4.reg
SDFix/apps/HPFix5.reg
SDFix/apps/HPFix6.reg
SDFix/apps/HPFix7.reg
SDFix/apps/HPFix8.reg
SDFix/apps/HPFix9.reg
SDFix/apps/HaxdFix.reg
SDFix/apps/Installed.txt
SDFix/apps/LS.exe
.exe windows:4 windows x86 arch:x86

260f2d6b4b372c3976adb4866014670f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetFileSizeEx
GetFullPathNameA
GetProcAddress
GetModuleHandleA
CreateFileA
WideCharToMultiByte
GetCurrentProcess
GetLastError
GetEnvironmentStringsW
ExitProcess
TerminateProcess
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
FormatMessageA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/MD5File.exe
.exe windows:4 windows x86 arch:x86

bc1726dce8cf58cbf8e02dfd7cba8191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
lstrcatA
CloseHandle
ReadFile
CreateFileA
lstrlenA
ExitProcess
GetCommandLineA
WriteFile
GetStdHandle

user32

wsprintfA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/MyGcpvFix.reg
SDFix/apps/MyGkFix2.reg
SDFix/apps/Process.exe
.exe windows:4 windows x86 arch:x86

674ead00063f238494b4725620612b42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Projects\Process\Process\Release\Process.pdb

Imports

kernel32

GetLastError
GetProcessAffinityMask
OpenProcess
Sleep
TerminateProcess
WaitForSingleObject
SetPriorityClass
lstrcmpiA
HeapFree
ResumeThread
SuspendThread
GetVersionExA
WideCharToMultiByte
HeapAlloc
CloseHandle
GlobalFree
GlobalAlloc
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
LocalFree
FormatMessageA
HeapSize
RtlUnwind
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
SetProcessAffinityMask
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
GetCurrentProcess
ExitProcess
GetModuleHandleA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
VirtualProtect
SetStdHandle

user32

CloseDesktop
EnumDesktopWindows
GetWindowThreadProcessId
PostMessageA
OpenDesktopA

advapi32

LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/Rem.txt
SDFix/apps/Rem2.txt
SDFix/apps/Replace/regedit.exe
.exe windows:5 windows x86 arch:x86

dccff42573edbebc16f4c14991579bbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

regedit.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__p__fmode
_initterm
__getmainargs
_acmdln
__set_app_type
_except_handler3
__setusermatherr
_controlfp
exit
_XcptFilter
_exit
_c_exit
swprintf
iswprint
wcsncpy
wcslen
wcscat
wcscpy
_purecall
iswctype
wcscmp
wcschr
wcsncmp
wcsrchr
_cexit
memmove

advapi32

RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
RegDeleteValueW
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetInheritanceSourceW
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
MapGenericMask
RegSetValueExA
RegSetValueW
RegFlushKey
RegSaveKeyW
RegRestoreKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegEnumValueW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

kernel32

ReadFile
DeleteFileW
WriteFile
WideCharToMultiByte
CreateFileW
OutputDebugStringW
GetLastError
SetFilePointer
GetFileSize
SearchPathW
GetTimeFormatW
GetDateFormatW
GetSystemDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
LoadLibraryW
MulDiv
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar
lstrcmpW
FormatMessageW
GetThreadLocale
GetModuleHandleW
ExitProcess
GetCommandLineW
GetProcessHeap
lstrcatW
LocalAlloc
GetCurrentProcess
CloseHandle
LocalFree
GetComputerNameW
lstrcmpiW
lstrlenW
lstrcpyW
LocalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
LoadLibraryA

gdi32

GetStockObject
SetAbortProc
StartDocW
StartPage
SetViewportOrgEx
EndPage
EndDoc
AbortDoc
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
ExcludeClipRect
SelectClipRgn
DeleteObject
SetBkColor
SetTextColor
ExtTextOutW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW

user32

SendDlgItemMessageW
SetDlgItemTextW
SetWindowLongW
DefWindowProcW
ReleaseDC
GetDC
SetScrollInfo
wsprintfW
DestroyCaret
ReleaseCapture
KillTimer
SetCaretPos
ScrollWindowEx
ShowCaret
HideCaret
InvalidateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
WinHelpW
EndDialog
GetWindowLongW
EndPaint
BeginPaint
CreateCaret
SetTimer
SetCapture
SetFocus
CharLowerW
GetDlgItem
DestroyMenu
TrackPopupMenuEx
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
GetKeyState
RegisterClassW
LoadCursorW
RegisterClipboardFormatW
CheckRadioButton
SendMessageW
GetWindowTextW
GetParent
GetDlgItemTextW
IsDlgButtonChecked
GetDlgCtrlID
CallWindowProcW
GetWindowTextLengthW
GetDlgItemInt
PostQuitMessage
GetWindowPlacement
SetWindowTextW
EnableWindow
GetWindowRect
DrawMenuBar
InsertMenuItemW
DeleteMenu
SetMenuItemInfoW
GetMenu
GetMenuItemInfoW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsIconic
DestroyIcon
LoadImageW
GetSysColor
SetCursor
ShowCursor
ShowWindow
SetWindowPlacement
CreateWindowExW
GetProcessDefaultLayout
GetMessageW
ScreenToClient
SetCursorPos
DispatchMessageW
ClientToScreen
GetDesktopWindow
LoadIconW
PostMessageW
SetMenuDefaultItem
InsertMenuW
GetMenuItemID
CheckMenuItem
UpdateWindow
RegisterClassExW
CharNextW
GetClientRect
DestroyWindow
CreateDialogParamW
CheckDlgButton
DrawAnimatedRects
IntersectRect
ModifyMenuW
GetMessagePos
TranslateMessage
TranslateAcceleratorW
LoadAcceleratorsW
SetForegroundWindow
GetLastActivePopup
BringWindowToTop
FindWindowW
LoadStringW
GetWindow
IsDialogMessageW
PeekMessageW
MessageBoxW
CharUpperBuffW
CharUpperW
IsCharAlphaNumericW
GetSystemMetrics
MoveWindow
MapWindowPoints
DialogBoxParamW
SetWindowPos
MessageBeep

comctl32

ord338
ord334
ord236
ord340
InitCommonControlsEx
ord365
ord337
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
ord2
ord4
ImageList_ReplaceIcon
ord329
ord359
ord358
ord363
CreateStatusWindowW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgExW

shell32

ShellAboutW
DragQueryFileW
DragFinish

authz

AuthzInitializeContextFromSid
AuthzAccessCheck
AuthzFreeContext
AuthzFreeResourceManager
AuthzInitializeResourceManager

aclui

ord2

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
ReleaseStgMedium

ulib

?Resize@DSTRING@@UAEEK@Z
?Initialize@ARRAY@@QAEEKK@Z
?NewBuf@DSTRING@@UAEEK@Z
??1DSTRING@@UAE@XZ
??1OBJECT@@UAE@XZ
??0OBJECT@@IAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0DSTRING@@QAE@XZ
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
??0ARRAY@@QAE@XZ
?Initialize@WSTRING@@QAEEPBGK@Z

clb

ClbAddData
ClbSetColumnWidths

ntdll

RtlFreeHeap
RtlAllocateHeap

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/Replace/w2k/AUTOEXEC.NT
SDFix/apps/Replace/w2k/CONFIG.NT
SDFix/apps/Replace/w2k/beep.sys
.sys windows:5 windows x86 arch:x86

ffaee6e0f82e4722bf39b71a517315cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeRemoveEntryDeviceQueue
InterlockedExchange
KeRemoveDeviceQueue
IoAcquireCancelSpinLock
IoStartPacket
MmLockPagableDataSection
IofCompleteRequest
IoReleaseCancelSpinLock
MmUnlockPagableImageSection
IoStartNextPacket
KeSetTimer
InterlockedIncrement
_allmul
IoDeleteDevice
IoCreateDevice
KeInitializeDpc
KeInitializeTimer
KeInitializeEvent
InterlockedDecrement
KeCancelTimer

hal

ExAcquireFastMutex
ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
HalMakeBeep

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 736B - Virtual size: 726B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 192B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/Replace/w2k/command.PIF
SDFix/apps/Replace/w2k/command.com
SDFix/apps/Replace/w2k/null.sys
.sys windows:5 windows x86 arch:x86

109af08da1b200e431c89229a5f72627

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoCreateDevice
RtlInitUnicodeString
MmPageEntireDriver
IofCompleteRequest
IoDeleteDevice

Sections

.rdata
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 256B - Virtual size: 231B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 416B - Virtual size: 402B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 64B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/Replace/xp/AUTOEXEC.NT
SDFix/apps/Replace/xp/CONFIG.NT
SDFix/apps/Replace/xp/beep.sys
.sys windows:5 windows x86 arch:x86

38bbc0aa71732b7887deb9f6230dc222

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

beep.pdb

Imports

ntoskrnl.exe

MmLockPagableDataSection
KeCancelTimer
MmUnlockPagableImageSection
IoStartNextPacket
KeSetTimer
_allmul
IoStartPacket
KeInitializeEvent
KeInitializeTimer
KeInitializeDpc
IoCreateDevice
RtlInitUnicodeString
IoAcquireCancelSpinLock
KeRemoveDeviceQueue
KeRemoveEntryDeviceQueue
IoReleaseCancelSpinLock
IoDeleteDevice
IofCompleteRequest

hal

ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
HalMakeBeep
ExAcquireFastMutex

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 644B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/Replace/xp/command.PIF
SDFix/apps/Replace/xp/command.com
SDFix/apps/Replace/xp/null.sys
.sys windows:5 windows x86 arch:x86

14af89e9cdb7305e12e818c57e5fc17b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

null.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoCreateDevice
MmPageEntireDriver
IoDeleteDevice

Sections

.rdata
Size: 128B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 262B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 354B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/Reset_AppInit_DLLs.reg
SDFix/apps/RestartIt!.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/Restore_SafeBoot_Windows2000.reg
SDFix/apps/Restore_SafeBoot_WindowsXP.reg
SDFix/apps/Restore_SafeBoot_WindowsXP_SP2.reg
SDFix/apps/Restore_SafeBoot_WindowsXP_SP3.reg
SDFix/apps/Restore_SecurityCenter.reg
SDFix/apps/Restore_SharedAccess.reg
SDFix/apps/SF.exe
.exe windows:4 windows x86 arch:x86

fa302e2d11235d136fef4e8823119994

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
GetCurrentProcess
GetFullPathNameA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetFileSizeEx
GetLastError
FormatMessageA
ExitProcess
TerminateProcess
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/Swreg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 266KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/UnRAR.exe
.exe windows:4 windows x86 arch:x86

34bca7bc66fde67d5456937fcff90dfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
MoveFileA
MultiByteToWideChar
RaiseException
ReadConsoleA
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetErrorMode
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetPriorityClass
SetThreadPriority
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
ExitWindowsEx
LoadStringA
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/WINMSG.EXE
.exe windows:4 windows x86 arch:x86

dc6770caf29ff11a01a70922388f8dfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
GetVersionExA
LoadLibraryA
GetProcAddress
GetLastError
GetModuleFileNameA
GetModuleHandleA
GlobalAlloc
GlobalLock
WriteFile
ReadFile
CloseHandle
SetFilePointer
CreateFileA
GetFileType
GetStartupInfoA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
ExitProcess

user32

MessageBoxA
PeekMessageA
MessageBoxA
PostQuitMessage
SetTimer
KillTimer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/assosfix.reg
SDFix/apps/cliptext.exe
.exe windows:4 windows x86 arch:x86

8ccaad07c2a74227002d7eb7bf1ae705

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
strncpy
strlen
memcpy

kernel32

GetModuleHandleA
HeapCreate
SetEndOfFile
HeapDestroy
ExitProcess
GetFullPathNameA
InitializeCriticalSection
GetCommandLineA
Sleep
HeapAlloc
HeapFree
GetCurrentDirectoryA
WriteFile
CloseHandle
CreateFileA
GetFileSize
SetFilePointer
ReadFile
HeapReAlloc
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
WriteConsoleA

user32

OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard

Sections

.code
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/download.exe
.exe windows:4 windows x86 arch:x86

b233f26b0d24a8835f93c33c0498632e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Sources\Personal\download\Release\download.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetModuleHandleA
GetLastError
WriteFile
GetModuleFileNameA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetLastError
CompareFileTime
DeleteFileA
CloseHandle
CreateFileA
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
LoadLibraryA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
GetSystemTimeAsFileTime
GetCurrentProcessId
SetStdHandle
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetProcAddress
GetStartupInfoA
GetFileType
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
SetHandleCount

shlwapi

PathFindFileNameA
PathFindExtensionA
PathAppendA

wininet

HttpSendRequestA
HttpQueryInfoA
HttpEndRequestA
InternetReadFile
InternetGetLastResponseInfoA
HttpOpenRequestA
FtpOpenFileA
InternetQueryOptionA
InternetSetOptionA
FtpFindFirstFileA
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle
InternetFindNextFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/dummy.sys
.sys windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/fix.reg
SDFix/apps/fixXP.reg
SDFix/apps/grep.exe
.exe windows:4 windows x86 arch:x86

c97b49126e50ac1ce7b74b693d30c071

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
VirtualProtect

msvcrt

_access
_fstat
_getcwd
_isatty
_lseek
_open
_read
_close
_setmode
_stat
_strdup
_cexit
_errno
_fileno
_findclose
_findfirst
_findnext
_fmode
_fpreset
_iob
_setmode
_stat
__getmainargs
_stricmp
_strnicmp
_wcsicmp
abort
atexit
atoi
bsearch
calloc
exit
fclose
feof
ferror
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
isalnum
isalpha
iscntrl
isdigit
islower
isprint
ispunct
isspace
isupper
__p__environ
isxdigit
malloc
memchr
memcpy
memmove
printf
puts
qsort
realloc
setlocale
signal
strcat
strchr
strcmp
strcoll
strcpy
strerror
strncmp
strrchr
tolower
toupper
__set_app_type

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/isadmin.exe
.exe windows:4 windows x86 arch:x86

433c802f13b0c263fd8d4d514736d2ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleFileNameA
GetModuleHandleA
GlobalAlloc
GlobalLock
WriteFile
ReadFile
CloseHandle
SetFilePointer
CreateFileA
GetFileType
GetStartupInfoA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
GetVersionExA
GetCurrentProcess
GetLastError
CloseHandle
ExitProcess

user32

MessageBoxA

advapi32

GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
OpenProcessToken

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/leg2.txt
SDFix/apps/legacy.txt
SDFix/apps/legacybk.txt
SDFix/apps/locate.com
SDFix/apps/moveex.exe
.exe windows:4 windows x86 arch:x86

4cdabbaf042909d40474537def62ea10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
MoveFileExA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetFullPathNameA
GetCurrentDirectoryA
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetLastError
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
GetTimeZoneInformation
HeapFree
LCMapStringA
LCMapStringW
VirtualAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDFix/apps/procs.exe
.exe windows:4 windows x86 arch:x86

9d963430be6c1834c65ce77bc6402d31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegOpenKeyExA

gdi32

MoveToEx

ole32

CoInitialize

oleaut32

SafeArrayCreate

Sections

.DCS0
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DCS1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DCS2
Size: 542B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/psservice.exe
.exe windows:4 windows x86 arch:x86

5962e37bfba183d1e66cfdea8849caaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetServerEnum
NetApiBufferFree

mpr

WNetAddConnection2A

kernel32

LoadLibraryExA
Sleep
FormatMessageA
GetCurrentProcess
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetVersion
GetStdHandle
WriteFile
LocalFree
FreeLibrary
CreateFileA
CloseHandle
GetLastError
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetComputerNameA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetFilePointer
SetStdHandle

advapi32

EnumDependentServicesA
EnumServicesStatusA
QueryServiceConfigA
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/sc.exe
.exe windows:5 windows x86 arch:x86

f07a9e50e4d00f09a736c0dd3fbe78fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_controlfp
_XcptFilter
_exit
_c_exit
wcsncmp
wcscmp
_getche
_wtol
wcscpy
_wcsicmp
wcslen
printf
_except_handler3
_cexit

advapi32

ChangeServiceConfig2W
OpenSCManagerW
StartServiceW
QueryServiceStatusEx
DeleteService
NotifyBootConfigStatus
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusW
EnumServiceGroupW
EnumServicesStatusExW
QueryServiceStatus
LockServiceDatabase
UnlockServiceDatabase
QueryServiceLockStatusW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceObjectSecurity
QueryServiceObjectSecurity
ConvertSecurityDescriptorToStringSecurityDescriptorW
EnumDependentServicesW
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW

kernel32

LocalFree
LocalAlloc
GetLastError
FormatMessageW
GetModuleHandleA

ntdll

RtlAdjustPrivilege

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/sed.exe
.exe windows:4 windows x86 arch:x86

1cee480ebd694271852212fe8916758c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_fdopen
_fstat
_isatty
_open
_pclose
_popen
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_filbuf
_flsbuf
_iob
_isctype
_onexit
_pctype
_setmode
_vsnprintf
abort
atexit
calloc
clearerr
exit
fclose
fflush
fopen
fprintf
fread
free
ftell
fwrite
getenv
malloc
memchr
memcpy
memmove
memset
printf
putchar
puts
realloc
rename
rewind
setlocale
signal
sprintf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strtoul
tolower
toupper
ungetc
vfprintf

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/shutdown.exe
.exe windows:5 windows x86 arch:x86

737dd07a058d0390144c6eb5454507b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

shutdown.pdb

Imports

user32

ExitWindowsEx
MessageBoxW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
GetDlgItem
CheckDlgButton
EndDialog
EnableWindow
IsDlgButtonChecked
GetWindowTextLengthW
SetWindowTextW
SendMessageW
GetWindowTextW

ole32

CoCreateInstance
CoUninitialize
ReleaseStgMedium
CoInitialize

ntdll

_wtoi
wcscat
DbgPrint
_chkstk
wcsncmp
wcsstr
wcscpy
RtlAdjustPrivilege
RtlNtStatusToDosError
swprintf

netapi32

NetServerEnum
NetApiBufferFree

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__fmode

advapi32

InitiateSystemShutdownExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AbortSystemShutdownW

kernel32

LocalFree
WriteFile
lstrlenA
WideCharToMultiByte
GetConsoleOutputCP
LocalAlloc
WriteConsoleW
GetConsoleMode
GetFileType
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetEnvironmentVariableW
lstrcmpW
GlobalLock
GlobalUnlock
lstrcpyW
LoadLibraryW
lstrlenW
GetStdHandle
FormatMessageW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLastError

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/srv2.txt
SDFix/apps/srv2bk.txt
SDFix/apps/svc.txt
SDFix/apps/svcbk.txt
SDFix/apps/swsc.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDFix/apps/unzip.exe
.exe windows:4 windows x86 arch:x86

8e3435044b7cfc8830f0d8f8b832eb70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileA
GetFullPathNameA
FindClose
GetDriveTypeA
GetLocaleInfoA
GetConsoleScreenBufferInfo
SetVolumeLabelA
GetStdHandle
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
SetConsoleMode
GetConsoleMode
lstrcpynA
lstrcmpiA
GetFileAttributesA
LeaveCriticalSection
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetConsoleCtrlHandler
MultiByteToWideChar
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
SetStdHandle
GetFileType
EnterCriticalSection
SystemTimeToFileTime
GetCPInfo
GetACP
GetOEMCP
GetVersion
UnhandledExceptionFilter
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetLocaleInfoW
GetVolumeInformationA
GetLocalTime
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLastError
SetFileAttributesA
SetEndOfFile
CloseHandle
SetFilePointer
HeapReAlloc
GetCommandLineA
WriteFile
GetCurrentDirectoryA
SetEnvironmentVariableW
DeleteFileA
CreateDirectoryA

advapi32

OpenProcessToken
LookupPrivilegeValueA
GetSecurityDescriptorControl
GetKernelObjectSecurity
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidAcl
GetSecurityDescriptorGroup
IsValidSid

user32

CharToOemA
OemToCharA

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/vfind.exe
.exe windows:4 windows x86 arch:x86

74371cf489c765da94c5e3f5f5ded82e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
FindClose
FindNextFileA
FileTimeToSystemTime
SystemTimeToFileTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA
FindFirstFileA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetLastError
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/apps/winsec.reg
SDFix/apps/zip.exe
.exe windows:4 windows x86 arch:x86

c3cbc2223d9d7ceff6ef52721d311da8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityDescriptorLength
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetKernelObjectSecurity

kernel32

GetVolumeInformationA
GetFileAttributesA
FindClose
FindFirstFileA
GetVersion
GetFileType
CloseHandle
GetFileTime
CreateFileA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
FindNextFileA
GetLastError
lstrcpynA
GetDriveTypeA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
SetStdHandle
HeapReAlloc
GetCommandLineA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
FlushFileBuffers
WriteFile
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
WideCharToMultiByte
SetEndOfFile
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetLocaleInfoW
LCMapStringA
LCMapStringW
DeleteFileA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
GetCurrentDirectoryA
GetCurrentProcessId
GetExitCodeProcess
CreateProcessA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/catchme.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDFix/dummy.sys
.sys windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32B - Virtual size: 5B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 204KB

Size: 141KB - Virtual size: 144KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 248KB

UPX1 Size: 135KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 264KB

UPX1 Size: 148KB - Virtual size: 152KB

.rsrc Size: 4KB - Virtual size: 8KB

483eec71d218c83e55b1a91993fcb4fe

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 260KB

.idata Size: 1024B - Virtual size: 920B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

260f2d6b4b372c3976adb4866014670f

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 1KB

bc1726dce8cf58cbf8e02dfd7cba8191

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 338B

.data Size: 512B - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 920B

674ead00063f238494b4725620612b42

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 960B

dccff42573edbebc16f4c14991579bbc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

.rsrc
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 248KB

UPX1
Size: 135KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 264KB

UPX1
Size: 148KB - Virtual size: 152KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 260KB

.idata
Size: 1024B - Virtual size: 920B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 338B

.data
Size: 512B - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 920B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 960B

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1024B - Virtual size: 259KB

.rsrc
Size: 46KB - Virtual size: 46KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 224B - Virtual size: 224B

INIT
Size: 736B - Virtual size: 726B

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 192B - Virtual size: 174B

.rdata
Size: 160B - Virtual size: 144B

PAGE
Size: 256B - Virtual size: 231B

INIT
Size: 416B - Virtual size: 402B

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 64B - Virtual size: 44B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 256B - Virtual size: 173B

INIT
Size: 768B - Virtual size: 644B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 256B - Virtual size: 154B

.rdata
Size: 128B - Virtual size: 93B

.data
Size: 128B - Virtual size: 116B

PAGE
Size: 384B - Virtual size: 262B

INIT
Size: 384B - Virtual size: 354B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 128B - Virtual size: 58B