d6259cad7dba6846db26cae312080a78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6259cad7dba6846db26cae312080a78_JaffaCakes118
Size

647KB
MD5

d6259cad7dba6846db26cae312080a78
SHA1

c8fd90bae4d99f500bd988be4fa704d93f0c5725
SHA256

3df8c6397421ca385bf7a48e87e5c9c90ddb922b6abc36443fc4fa7475815f5d
SHA512

2385bd582d409398a1cf35aace08cc483c14cc5bf7fd792f17d3075a4a6d528041b8735b83c841b252c149da7773fb2a4c981535e67080c6640b8b3068726402
SSDEEP

12288:QEdfhvF9L92SyaQCN85OsgC1qBcVUfnTa7v:QElJ92RzCNFDC1qBcYuT

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
d6259cad7dba6846db26cae312080a78_JaffaCakes118
unpack001/$PLUGINSDIR/AnimGif.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsPerl.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/perl58.dll
unpack001/tftpnew.exe
unpack001/wget.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d6259cad7dba6846db26cae312080a78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AnimGif.dll
.dll windows:4 windows x86 arch:x86

b4b71331b921e2f441a2b05306cd7dae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
ReadFile
lstrcmpiA
SetFilePointer
CloseHandle
TerminateThread
CreateThread
Sleep
lstrcpyA
GlobalFree

user32

ValidateRect
FillRect
InvalidateRgn
GetDC
ReleaseDC
CallWindowProcA
GetSysColor
FindWindowExA
IsWindowVisible
GetClientRect
IsWindow
GetWindowLongA
SetWindowLongA
RedrawWindow
SetRect

gdi32

FillRgn
CreateDIBitmap
CreateCompatibleDC
CreateSolidBrush
GetPixel
DeleteDC
StretchBlt
CreateRectRgn
SetDIBitsToDevice
DeleteObject
SetRectRgn
CombineRgn
SelectObject

msvcrt

strtoul
strchr
??2@YAPAXI@Z
__dllonexit
_onexit
??3@YAXPAX@Z

Exports

Exports

play
stop

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

54317f9e35e039c28fdb421cf518703e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strlen

kernel32

DeleteFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
CreateFileA
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
GetWindowLongA
IsWindow
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsPerl.dll
.dll windows:4 windows x86 arch:x86

a33e2f0d742b613f98e859364f178033

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

perl58

perl_parse
perl_construct
perl_alloc
Perl_sv_2pv_nolen
Perl_sv_2bool
Perl_Iexit_flags_ptr
Perl_Ierrgv_ptr
Perl_eval_pv
perl_free
perl_destruct
perl_run
boot_DynaLoader
Perl_newXS
Perl_newSVnv
Perl_Isv_undef_ptr
Perl_newSVpv
Perl_sv_2mortal
Perl_get_context
Perl_Tstack_sp_ptr
Perl_Tmarkstack_ptr_ptr
Perl_Tstack_base_ptr
Perl_sv_2pv_flags
Perl_Isv_yes_ptr
Perl_TXpv_ptr
Perl_Isv_no_ptr

kernel32

FindResourceA
lstrcpyA
GlobalFree
lstrlenA
lstrcpynA
GetModuleHandleA
lstrcmpA
LoadResource
LockResource
GlobalAlloc

user32

FindWindowExA
MessageBoxA
SendMessageA

Exports

Exports

exec
execFile
execResource

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BSNLSafe.GIF
.gif
NSN-restore.pl
execute.pl
inprogress.gif
.gif
perl58.dll
.dll windows:4 windows x86 arch:x86

29bd8a7a45bca16c193484e7927fe4ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
WaitForMultipleObjects
GetProcAddress
LoadLibraryA
DeleteCriticalSection
FreeLibrary
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsA
GetEnvironmentStrings
GetLogicalDriveStringsA
GetLogicalDrives
SetCurrentDirectoryA
MultiByteToWideChar
GetFullPathNameA
SetCurrentDirectoryW
WideCharToMultiByte
GetFullPathNameW
GetFileAttributesA
CreateThread
GetCurrentThreadId
GetModuleFileNameA
TlsFree
DisableThreadLibraryCalls
GetModuleHandleA
FindFirstFileA
FindNextFileA
FindClose
GetTempFileNameA
GenerateConsoleCtrlEvent
TerminateProcess
OpenProcess
TerminateThread
Sleep
GetVolumeInformationA
GetFileInformationByHandle
CreateFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetProcessTimes
InitializeCriticalSection
CloseHandle
SetFileTime
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemInfo
GetComputerNameA
GetTickCount
GetExitCodeProcess
GetExitCodeThread
LockFileEx
UnlockFileEx
FormatMessageA
LocalFree
LocalAlloc
GetTempPathA
GetStdHandle
SetStdHandle
CreateFileW
DeleteFileA
MoveFileExA
SetEndOfFile
SetFilePointer
ReadFile
GetCurrentDirectoryA
CreateProcessA
LoadLibraryExA
GetDriveTypeA
GetVersionExA
GetShortPathNameA
CopyFileA
SetConsoleCtrlHandler
TlsSetValue
TlsGetValue
WriteFile
DuplicateHandle
RaiseException
InterlockedExchange
SetLastError
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
SetFileAttributesA

user32

CreateWindowExA
PostThreadMessageA
KillTimer
PeekMessageA
MsgWaitForMultipleObjects
SetTimer
DestroyWindow
PostMessageA
CharUpperA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetUserNameA

msvcrt

strtod
_stati64
clock
_getpid
_adjust_fdiv
memcpy
memmove
strchr
_errno
atoi
strcat
strlen
memset
strerror
memcmp
_ftol
strcmp
strncmp
localeconv
setlocale
toupper
tolower
_pctype
__mb_cur_max
_isctype
strxfrm
__p__environ
exit
getc
strcpy
qsort
strrchr
_setjmp3
time
abort
longjmp
pow
fmod
floor
_isnan
atan2
sin
cos
rand
srand
exp
log
sqrt
ceil
sprintf
modf
gmtime
localtime
memchr
frexp
strftime
??3@YAXPAX@Z
wcscpy
wcslen
strncpy
wcscat
wcsncpy
fsetpos
fgetpos
tmpnam
_exit
??2@YAPAXI@Z
__CxxFrameHandler
bsearch
vsprintf
fclose
_iob
fgetc
ungetc
_close
_initterm
free
_get_osfhandle
_sys_nerr
vfprintf
vprintf
fread
fwrite
fopen
freopen
fputs
fputc
strstr
clearerr
fflush
_telli64
fseek
rewind
_pipe
_fmode
rename
_lseeki64
__doserrno
__pioinfo
perror
setbuf
setvbuf
fgets
gets
putc
puts
getchar
putchar
malloc
calloc
realloc
_unlink
_open_osfhandle
_control87
signal
wcstombs
_fstati64
_setmode
getenv
_strupr
_access
_getcwd
_isatty
_mktemp
_umask
_execl
_fileno
_stricmp
_mkdir
_utime
_fdopen
_rmdir
_open
_eof
_dup
_dup2
_write
_execv
_chdir
_chmod
_flushall
_spawnv
_execvp
_fcloseall

Exports

Exports

PL_AMG_names
PL_check
PL_fold
PL_fold_locale
PL_freq
PL_memory_wrap
PL_no_aelem
PL_no_dir_func
PL_no_func
PL_no_helem
PL_no_helem_sv
PL_no_localize_ref
PL_no_mem
PL_no_modify
PL_no_myglob
PL_no_security
PL_no_sock_func
PL_no_symref
PL_no_usym
PL_no_wrongref
PL_op_desc
PL_op_name
PL_opargs
PL_ppaddr
PL_regkind
PL_sig_name
PL_sig_num
PL_simple
PL_utf8skip
PL_uuemap
PL_varies
PL_vtbl_amagic
PL_vtbl_amagicelem
PL_vtbl_arylen
PL_vtbl_backref
PL_vtbl_bm
PL_vtbl_collxfrm
PL_vtbl_dbline
PL_vtbl_defelem
PL_vtbl_env
PL_vtbl_envelem
PL_vtbl_fm
PL_vtbl_glob
PL_vtbl_isa
PL_vtbl_isaelem
PL_vtbl_mglob
PL_vtbl_nkeys
PL_vtbl_pack
PL_vtbl_packelem
PL_vtbl_pos
PL_vtbl_regdata
PL_vtbl_regdatum
PL_vtbl_regexp
PL_vtbl_sig
PL_vtbl_sigelem
PL_vtbl_substr
PL_vtbl_sv
PL_vtbl_taint
PL_vtbl_utf8
PL_vtbl_uvar
PL_vtbl_vec
PL_warn_nl
PL_warn_nosemi
PL_warn_reserved
PL_warn_uninit
PerlIOBase_binmode
PerlIOBase_clearerr
PerlIOBase_close
PerlIOBase_dup
PerlIOBase_eof
PerlIOBase_error
PerlIOBase_fileno
PerlIOBase_noop_fail
PerlIOBase_noop_ok
PerlIOBase_popped
PerlIOBase_pushed
PerlIOBase_read
PerlIOBase_setlinebuf
PerlIOBase_unread
PerlIOBuf_bufsiz
PerlIOBuf_close
PerlIOBuf_dup
PerlIOBuf_fill
PerlIOBuf_flush
PerlIOBuf_get_base
PerlIOBuf_get_cnt
PerlIOBuf_get_ptr
PerlIOBuf_open
PerlIOBuf_popped
PerlIOBuf_pushed
PerlIOBuf_read
PerlIOBuf_seek
PerlIOBuf_set_ptrcnt
PerlIOBuf_tell
PerlIOBuf_unread
PerlIOBuf_write
PerlIO_allocate
PerlIO_apply_layera
PerlIO_apply_layers
PerlIO_arg_fetch
PerlIO_binmode
PerlIO_byte
PerlIO_canset_cnt
PerlIO_crlf
PerlIO_debug
PerlIO_define_layer
PerlIO_exportFILE
PerlIO_fast_gets
PerlIO_fdopen
PerlIO_findFILE
PerlIO_getc
PerlIO_getname
PerlIO_getpos
PerlIO_has_base
PerlIO_has_cntptr
PerlIO_importFILE
PerlIO_init
PerlIO_isutf8
PerlIO_layer_fetch
PerlIO_list_free
PerlIO_modestr
PerlIO_open
PerlIO_parse_layers
PerlIO_pending
PerlIO_perlio
PerlIO_pop
PerlIO_printf
PerlIO_push
PerlIO_putc
PerlIO_puts
PerlIO_raw
PerlIO_releaseFILE
PerlIO_reopen
PerlIO_rewind
PerlIO_setpos
PerlIO_sprintf
PerlIO_stdio
PerlIO_stdoutf
PerlIO_sv_dup
PerlIO_tmpfile
PerlIO_ungetc
PerlIO_unix
PerlIO_utf8
PerlIO_vprintf
PerlIO_vsprintf
PerlIO_win32
Perl_GNo_ptr
Perl_GYes_ptr
Perl_Gcsighandlerp_ptr
Perl_Gcurinterp_ptr
Perl_Gdo_undump_ptr
Perl_Gdollarzero_mutex_ptr
Perl_Ghexdigit_ptr
Perl_Glockhook_ptr
Perl_Gop_mutex_ptr
Perl_Gpatleave_ptr
Perl_Grunops_dbg_ptr
Perl_Grunops_std_ptr
Perl_Gsh_path_ptr
Perl_Gsharehook_ptr
Perl_Gsigfpe_saved_ptr
Perl_Gsv_placeholder_ptr
Perl_Gthr_key_ptr
Perl_Gthreadhook_ptr
Perl_Gunlockhook_ptr
Perl_Guse_safe_putenv_ptr
Perl_Gv_AMupdate
Perl_IArgv_ptr
Perl_IBINCOMPAT0_ptr
Perl_ICmd_ptr
Perl_IDBgv_ptr
Perl_IDBline_ptr
Perl_IDBsignal_ptr
Perl_IDBsingle_ptr
Perl_IDBsub_ptr
Perl_IDBtrace_ptr
Perl_IDir_ptr
Perl_IEnv_ptr
Perl_ILIO_ptr
Perl_IMemParse_ptr
Perl_IMemShared_ptr
Perl_IMem_ptr
Perl_IOpPtr_ptr
Perl_IOpSlab_ptr
Perl_IOpSpace_ptr
Perl_IProc_ptr
Perl_ISock_ptr
Perl_IStdIO_ptr
Perl_Iamagic_generation_ptr
Perl_Ian_ptr
Perl_Iargvgv_ptr
Perl_Iargvout_stack_ptr
Perl_Iargvoutgv_ptr
Perl_Ibasetime_ptr
Perl_Ibeginav_ptr
Perl_Ibeginav_save_ptr
Perl_Ibitcount_ptr
Perl_Ibufend_ptr
Perl_Ibufptr_ptr
Perl_Icheckav_ptr
Perl_Icheckav_save_ptr
Perl_Iclocktick_ptr
Perl_Icollation_ix_ptr
Perl_Icollation_name_ptr
Perl_Icollation_standard_ptr
Perl_Icollxfrm_base_ptr
Perl_Icollxfrm_mult_ptr
Perl_Icompcv_ptr
Perl_Icompiling_ptr
Perl_Icomppad_name_fill_ptr
Perl_Icomppad_name_floor_ptr
Perl_Icomppad_name_ptr
Perl_Icomppad_ptr
Perl_Icop_seqmax_ptr
Perl_Icopline_ptr
Perl_Icurcopdb_ptr
Perl_Icurstname_ptr
Perl_Icustom_op_descs_ptr
Perl_Icustom_op_names_ptr
Perl_Idbargs_ptr
Perl_Idebstash_ptr
Perl_Idebug_pad_ptr
Perl_Idebug_ptr
Perl_Idef_layerlist_ptr
Perl_Idefgv_ptr
Perl_Idiehook_ptr
Perl_Idoextract_ptr
Perl_Idoswitches_ptr
Perl_Idowarn_ptr
Perl_Ie_script_ptr
Perl_Iegid_ptr
Perl_Iencoding_ptr
Perl_Iendav_ptr
Perl_Ienvgv_ptr
Perl_Ierrgv_ptr
Perl_Ierror_count_ptr
Perl_Ieuid_ptr
Perl_Ieval_root_ptr
Perl_Ieval_start_ptr
Perl_Ievalseq_ptr
Perl_Iexit_flags_ptr
Perl_Iexitlist_ptr
Perl_Iexitlistlen_ptr
Perl_Iexpect_ptr
Perl_Ifdpid_ptr
Perl_Ifdscript_ptr
Perl_Ifilemode_ptr
Perl_Iforkprocess_ptr
Perl_Iformfeed_ptr
Perl_Igensym_ptr
Perl_Igid_ptr
Perl_Iglob_index_ptr
Perl_Iglobalstash_ptr
Perl_Ihash_seed_ptr
Perl_Ihash_seed_set_ptr
Perl_Ihe_arenaroot_ptr
Perl_Ihe_root_ptr
Perl_Ihintgv_ptr
Perl_Ihints_ptr
Perl_Iin_clean_all_ptr
Perl_Iin_clean_objs_ptr
Perl_Iin_load_module_ptr
Perl_Iin_my_ptr
Perl_Iin_my_stash_ptr
Perl_Iincgv_ptr
Perl_Iinitav_ptr
Perl_Iinplace_ptr
Perl_Iknown_layers_ptr
Perl_Ilast_lop_op_ptr
Perl_Ilast_lop_ptr
Perl_Ilast_swash_hv_ptr
Perl_Ilast_swash_key_ptr
Perl_Ilast_swash_klen_ptr
Perl_Ilast_swash_slen_ptr
Perl_Ilast_swash_tmps_ptr
Perl_Ilast_uni_ptr
Perl_Ilastfd_ptr
Perl_Ilaststatval_ptr
Perl_Ilaststype_ptr
Perl_Ilex_brackets_ptr
Perl_Ilex_brackstack_ptr
Perl_Ilex_casemods_ptr
Perl_Ilex_casestack_ptr
Perl_Ilex_defer_ptr
Perl_Ilex_dojoin_ptr
Perl_Ilex_expect_ptr
Perl_Ilex_formbrack_ptr
Perl_Ilex_inpat_ptr
Perl_Ilex_inwhat_ptr
Perl_Ilex_op_ptr
Perl_Ilex_repl_ptr
Perl_Ilex_starts_ptr
Perl_Ilex_state_ptr
Perl_Ilex_stuff_ptr
Perl_Ilineary_ptr
Perl_Ilinestr_ptr
Perl_Ilocalpatches_ptr
Perl_Ilockhook_ptr
Perl_Imain_cv_ptr
Perl_Imain_root_ptr
Perl_Imain_start_ptr
Perl_Imax_intro_pending_ptr
Perl_Imaxo_ptr
Perl_Imaxsysfd_ptr
Perl_Imess_sv_ptr
Perl_Imin_intro_pending_ptr
Perl_Iminus_F_ptr
Perl_Iminus_a_ptr
Perl_Iminus_c_ptr
Perl_Iminus_l_ptr
Perl_Iminus_n_ptr
Perl_Iminus_p_ptr
Perl_Imodglobal_ptr
Perl_Imulti_close_ptr
Perl_Imulti_end_ptr
Perl_Imulti_open_ptr
Perl_Imulti_start_ptr
Perl_Imultiline_ptr
Perl_Inexttoke_ptr
Perl_Inexttype_ptr
Perl_Inextval_ptr
Perl_Inice_chunk_ptr
Perl_Inice_chunk_size_ptr
Perl_Inomemok_ptr
Perl_Inullstash_ptr
Perl_Inumeric_compat1_ptr
Perl_Inumeric_local_ptr
Perl_Inumeric_name_ptr
Perl_Inumeric_radix_sv_ptr
Perl_Inumeric_standard_ptr
Perl_Iofmt_ptr
Perl_Ioldbufptr_ptr
Perl_Ioldname_ptr
Perl_Ioldoldbufptr_ptr
Perl_Iop_mask_ptr
Perl_Iop_seqmax_ptr
Perl_Iorigalen_ptr
Perl_Iorigargc_ptr
Perl_Iorigargv_ptr
Perl_Iorigenviron_ptr
Perl_Iorigfilename_ptr
Perl_Iors_sv_ptr
Perl_Iosname_ptr
Perl_Ipad_reset_pending_ptr
Perl_Ipadix_floor_ptr
Perl_Ipadix_ptr
Perl_Ipatchlevel_ptr
Perl_Iperl_destruct_level_ptr
Perl_Iperldb_ptr
Perl_Iperlio_ptr
Perl_Ipidstatus_ptr
Perl_Ipreambleav_ptr
Perl_Ipreambled_ptr
Perl_Ipreprocess_ptr
Perl_Iprofiledata_ptr
Perl_Ipsig_name_ptr
Perl_Ipsig_pend_ptr
Perl_Ipsig_ptr_ptr
Perl_Ipte_arenaroot_ptr
Perl_Ipte_root_ptr
Perl_Iptr_table_ptr
Perl_Ireentrant_retint_ptr
Perl_Iregex_pad_ptr
Perl_Iregex_padav_ptr
Perl_Irehash_seed_ptr
Perl_Irehash_seed_set_ptr
Perl_Ireplgv_ptr
Perl_Irsfp_filters_ptr
Perl_Irsfp_ptr
Perl_Irunops_dbg_ptr
Perl_Irunops_ptr
Perl_Irunops_std_ptr
Perl_Isavebegin_ptr
Perl_Isawampersand_ptr
Perl_Ish_path_compat_ptr
Perl_Ish_path_ptr
Perl_Isharehook_ptr
Perl_Isig_pending_ptr
Perl_Isighandlerp_ptr
Perl_Isignals_ptr
Perl_Isort_RealCmp_ptr
Perl_Isplitstr_ptr
Perl_Isrand_called_ptr
Perl_Istashcache_ptr
Perl_Istatusvalue_ptr
Perl_Istderrgv_ptr
Perl_Istdingv_ptr
Perl_Istrtab_ptr
Perl_Isub_generation_ptr
Perl_Isubline_ptr
Perl_Isubname_ptr
Perl_Isuidscript_ptr
Perl_Isv_arenaroot_ptr
Perl_Isv_count_ptr
Perl_Isv_no_ptr
Perl_Isv_objcount_ptr
Perl_Isv_root_ptr
Perl_Isv_undef_ptr
Perl_Isv_yes_ptr
Perl_Isys_intern_ptr
Perl_Itaint_warn_ptr
Perl_Itainting_ptr
Perl_Ithreadhook_ptr
Perl_Itokenbuf_ptr
Perl_Iuid_ptr
Perl_Iunicode_ptr
Perl_Iunlockhook_ptr
Perl_Iunsafe_ptr
Perl_Iutf8_alnum_ptr
Perl_Iutf8_alnumc_ptr
Perl_Iutf8_alpha_ptr
Perl_Iutf8_ascii_ptr
Perl_Iutf8_cntrl_ptr
Perl_Iutf8_digit_ptr
Perl_Iutf8_graph_ptr
Perl_Iutf8_idcont_ptr
Perl_Iutf8_idstart_ptr
Perl_Iutf8_lower_ptr
Perl_Iutf8_mark_ptr
Perl_Iutf8_print_ptr
Perl_Iutf8_punct_ptr
Perl_Iutf8_space_ptr
Perl_Iutf8_tofold_ptr
Perl_Iutf8_tolower_ptr
Perl_Iutf8_totitle_ptr
Perl_Iutf8_toupper_ptr
Perl_Iutf8_upper_ptr
Perl_Iutf8_xdigit_ptr
Perl_Iutf8locale_ptr
Perl_Iuudmap_ptr
Perl_Iwantutf8_ptr
Perl_Iwarnhook_ptr
Perl_Iwidesyscalls_ptr
Perl_Ixiv_arenaroot_ptr
Perl_Ixiv_root_ptr
Perl_Ixnv_arenaroot_ptr
Perl_Ixnv_root_ptr
Perl_Ixpv_arenaroot_ptr
Perl_Ixpv_root_ptr
Perl_Ixpvav_arenaroot_ptr
Perl_Ixpvav_root_ptr
Perl_Ixpvbm_arenaroot_ptr
Perl_Ixpvbm_root_ptr
Perl_Ixpvcv_arenaroot_ptr
Perl_Ixpvcv_root_ptr
Perl_Ixpvhv_arenaroot_ptr
Perl_Ixpvhv_root_ptr
Perl_Ixpviv_arenaroot_ptr
Perl_Ixpviv_root_ptr
Perl_Ixpvlv_arenaroot_ptr
Perl_Ixpvlv_root_ptr
Perl_Ixpvmg_arenaroot_ptr
Perl_Ixpvmg_root_ptr
Perl_Ixpvnv_arenaroot_ptr
Perl_Ixpvnv_root_ptr
Perl_Ixrv_arenaroot_ptr
Perl_Ixrv_root_ptr
Perl_Iyychar_ptr
Perl_Iyydebug_ptr
Perl_Iyyerrflag_ptr
Perl_Iyylval_ptr
Perl_Iyynerrs_ptr
Perl_Iyyval_ptr
Perl_PerlIO_clearerr
Perl_PerlIO_close
Perl_PerlIO_eof
Perl_PerlIO_error
Perl_PerlIO_fileno
Perl_PerlIO_fill
Perl_PerlIO_flush
Perl_PerlIO_get_base
Perl_PerlIO_get_bufsiz
Perl_PerlIO_get_cnt
Perl_PerlIO_get_ptr
Perl_PerlIO_read
Perl_PerlIO_seek
Perl_PerlIO_set_cnt
Perl_PerlIO_set_ptrcnt
Perl_PerlIO_setlinebuf
Perl_PerlIO_stderr
Perl_PerlIO_stdin
Perl_PerlIO_stdout
Perl_PerlIO_tell
Perl_PerlIO_unread
Perl_PerlIO_write
Perl_Slab_Alloc
Perl_Slab_Free
Perl_TSv_ptr
Perl_TXpv_ptr
Perl_Tav_fetch_sv_ptr
Perl_Tbodytarget_ptr
Perl_Tbostr_ptr
Perl_Tchopset_ptr
Perl_Tcolors_ptr
Perl_Tcolorset_ptr
Perl_Tcomppad_ptr
Perl_Tcurcop_ptr
Perl_Tcurpad_ptr
Perl_Tcurpm_ptr
Perl_Tcurstack_ptr

Sections

.text
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
test-Fw-NSN.pl
test-Fw-chin.pl
test-Fw.pl
tftpnew.exe
.exe windows:4 windows x86 arch:x86

a8fe02b2102a5784ecd89d1c55231b66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\TFTPServer\Sources\TFTPClient\tftp\Release\tftp.pdb

Imports

ws2_32

sendto
recvfrom
closesocket
socket
WSACleanup
WSAStartup
inet_addr
gethostbyname
htons
htonl
select
WSAGetLastError
__WSAFDIsSet
ntohl
ntohs

kernel32

GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
SetEndOfFile
CreateFileA
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
GetLastError
DeleteFileA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
DeleteCriticalSection
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CloseHandle
ReadFile
SetFilePointer
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wait.gif
.gif
wget.exe
.exe windows:1 windows x86 arch:x86

91afa2950fb9c03d392b295ce9394409

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

user32

CharUpperBuffA
MessageBoxA
WinHelpA

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetTimeZoneInformation
GetVersionExA
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
OutputDebugStringA
ReadConsoleInputA
ReadFile
SearchPathA
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

wsock32

WSAStartup
WSACleanup
gethostname
inet_addr
gethostbyname
gethostbyaddr
ioctlsocket
WSAGetLastError
send
recv
accept
select
listen
ntohs
getsockname
closesocket
bind
htonl
setsockopt
connect
socket
htons

Sections

AUTO
Size: 115KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 32KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 13KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 20KB - Virtual size: 20KB

b4b71331b921e2f441a2b05306cd7dae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 224B

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 382B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

54317f9e35e039c28fdb421cf518703e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 224B

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 382B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 432B

.reloc
Size: 512B - Virtual size: 386B

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 706B

.text
Size: 592KB - Virtual size: 591KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 40KB - Virtual size: 45KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

AUTO
Size: 115KB - Virtual size: