??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell
Behavioral task
behavioral1
Sample
352349ac2d9b315839e039edc50a8d5915b6e73356bbf60b639d6386a02e3e3c.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
General
-
Target
352349ac2d9b315839e039edc50a8d5915b6e73356bbf60b639d6386a02e3e3c
-
Size
6.8MB
-
MD5
5c4252eadef5110f59b1937360ec0841
-
SHA1
193497087d845266b1b91c8feda47f0441a7c605
-
SHA256
352349ac2d9b315839e039edc50a8d5915b6e73356bbf60b639d6386a02e3e3c
-
SHA512
624d57718a63f80d3d3b45f9494fbbb787c78284dca62585429e9617ff850cbcf6fbf7168a763cdf2e596eb336abfa23320c13e5efacbc58eb022919e57388f9
-
SSDEEP
98304:7fwzp7AgI35qVBw2nADIIjVR9fDqN6vyExvXvF:7fwd8F5qVBRnAEKT9W+yEVF
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 352349ac2d9b315839e039edc50a8d5915b6e73356bbf60b639d6386a02e3e3c
Files
-
352349ac2d9b315839e039edc50a8d5915b6e73356bbf60b639d6386a02e3e3c.exe windows:5 windows x86 arch:x86
0f63ce3cca097d58373ee96146836ee0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
engine
TGetLimitLenString
??1KIme@@QAE@XZ
??0KIme@@QAE@XZ
?EnableLanguageChange@KIme@@QAEXXZ
?OpenIME@KIme@@QAEXXZ
?IsIme@KIme@@QAEHXZ
?SetCaretPos@KIme@@QAEXHH@Z
TGetEncodedTextEffectCtrls
TGetEncodedTextOutputLenPos
TClearSpecialCtrlInEncodedText
TSplitString
Misc_CRC32
TSplitEncodedString
TFindSpecialCtrlInEncodedText
?DisableLanguageChange@KIme@@QAEXXZ
?TurnOn@KIme@@QAEXXZ
g_CreateIniFile
g_CreatePath
?KG_EDStringToMD5String@@YAHQADQBD@Z
EDOneTimePad_Encipher
TUnAdviseEngine
TAdviseEngine
?GetInstance@KIme@@SAPAV1@XZ
?CloseIME@KIme@@QAEXXZ
g_ClearPackageFiles
??0CUInt64@@QAE@XZ
?SetDDWORDValue@CUInt64@@QAEXU_KULARGE_INTEGER@@@Z
??0CUInt64@@QAE@H@Z
??YCUInt64@@QAEAAV0@ABV0@@Z
??1CUInt64@@UAE@XZ
??ZCUInt64@@QAEAAV0@ABV0@@Z
?GetDDWORDValue@CUInt64@@QAEAAU_KULARGE_INTEGER@@XZ
?GetCenterPos@KPolygon@@QAEXPAH0@Z
?IsPointInPolygon@KPolygon@@QAEHHH@Z
?Clear@KPolygon@@QAEXXZ
??0KPolygon@@QAE@XZ
g_IsFileExist
g_CreateFile
?g_OpenFile@@YA_NPAPAVIIniFile@@PBDHH@Z
?g_OpenFile@@YA_NPAPAVITabFile@@PBDHH@Z
EDOneTimePad_Decipher
?ShowAllScript@KLuaScript@@QAEXPBD@Z
?IsIncluder@KLua@@QAEHI@Z
?AddIncluder@KLua@@QAEHI@Z
?GetPackIndex@KLua@@QBEHXZ
?JoinPack@KLua@@QAEHH@Z
TGetLimitLenEncodedString
TGetEncodedTextLineCount
?Occupy@KOccupyList@@QAEXH@Z
?KGThread_Sleep@@YAHI@Z
??1KMutex@@QAE@XZ
g_StringHash
g_GetRandomSeed
k_snprintf_n_s
k_snprintf_s_s
g_StringLowerHash
?GetFirstFree@KOccupyList@@QAEHH@Z
?IsOccupy@KOccupyList@@QAEHH@Z
?Free@KOccupyList@@QAEXH@Z
?GetGlobalName@KLua@@QAEXPBD@Z
?GetTable@KLua@@QAEXH@Z
?PushString@KLua@@QAEXPBD@Z
?Pop@KLua@@QAEXH@Z
g_Random
KSG_StringGetInt
KSG_StringSkipSymbol
?CheckScriptA@KLuaScript@@QAEHPBD@Z
?GetScriptA@KLuaScript@@QAEPAVKLua@@I@Z
?ReloadScript@KLuaScript@@QAEHPBD@Z
?CreateScript@KLuaScript@@QAEPAVKLua@@PBD@Z
g_GetFullPath
?DetBreakPoint@KLua@@QAEHPAUlua_State@@PBDH@Z
?SetBreakPoint@KLua@@QAEHPAUlua_State@@PBDH@Z
?RegisterFunctions@KLuaScript@@QAEHPAUTLua_Funcs@@H@Z
?GetScriptCount@KLuaScript@@QAEIXZ
??1KLuaScript@@QAE@XZ
??0KLuaScript@@QAE@H@Z
??0KMutex@@QAE@XZ
?Unlock@KMutex@@QAEHXZ
?Lock@KMutex@@QAEHXZ
?GetTopIndex@KLua@@QAEHXZ
?GetOccupyCount@KOccupyList@@QBEHXZ
?GetElapse@KTimer@@QAEIXZ
?KGLogUnInit@@YAHPAX@Z
?Run@KWin32App@@UAEXXZ
?KGLogPrintf@@YAHW4KGLOG_PRIORITY@@QBDZZ
?KGLogInit@@YAHABU_KGLOG_PARAM@@PAX@Z
??0KWin32App@@QAE@XZ
?Init@KWin32App@@UAEHPAUHINSTANCE__@@PBDH@Z
?ShowMouse@KWin32App@@UAEXH@Z
?InitClass@KWin32App@@MAEHPAUHINSTANCE__@@@Z
?InitWindow@KWin32App@@MAEHPAUHINSTANCE__@@@Z
g_SetFindFileMode
g_LoadPackageFiles
LOC_SetLocalCharacterSet
?KGLogSetPriorityMask@@YAHH@Z
g_UnitePathAndName
g_OpenIniFile
g_SetFilePath
g_SetRootPath
?SetMouseHoverTime@KWin32App@@QAEXI@Z
g_GetBinRootPath
g_OpenFile
?GetMainWnd@KWin32App@@SAPAUHWND__@@XZ
g_GetRootPath
g_OpenTabFile
g_DebugLog
g_RandomSeed
?initial_all_instance@KMemoryPool@@SAXXZ
?destroy_all_instance@KMemoryPool@@SAXXZ
?ExecuteCode@KLua@@QAEHXZ
?LoadBuffer@KLua@@QAEHPBDI0@Z
?SetGlobalName@KLua@@QAEXPBD@Z
?PushNumber@KLua@@QAEXN@Z
g_FileNameHash
?SafeCallEnd@KLua@@QAEXH@Z
?ValueToString@KLua@@QAEPBDH@Z
?ValueToNumber@KLua@@QAENH@Z
?GetElemType@KLua@@QAEHH@Z
?SafeCallBegin@KLua@@QAEXPAH@Z
?CallFunction@KLua@@QAEHPBDH0PAD@Z
k_strlwr
??0KTimer@@QAE@XZ
?Init@KOccupyList@@QAE_NH@Z
??0KOccupyList@@QAE@XZ
??1KOccupyList@@QAE@XZ
?FreeAll@KOccupyList@@QAEXXZ
?Start@KTimer@@QAEXXZ
TEncodeText
?GetNext@KOccupyList@@QBEHH@Z
TRemoveCtrlInEncodedText
?Stop@KTimer@@QAEXXZ
gdi32
DeleteDC
GetObjectA
SelectObject
DeleteObject
GetStockObject
CreateSolidBrush
imm32
ImmAssociateContext
kernel32
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetLastError
GetCurrentThreadId
WaitForMultipleObjects
FormatMessageA
GetCurrentDirectoryA
GetSystemTime
GetComputerNameA
TerminateThread
PulseEvent
BindIoCompletionCallback
TerminateProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
OutputDebugStringA
InterlockedExchange
SetEvent
GetExitCodeThread
CreateEventA
InitializeCriticalSection
CreateThread
DeleteCriticalSection
ResetEvent
RaiseException
LeaveCriticalSection
FreeConsole
AllocConsole
SetConsoleTitleA
GetTickCount
GetPrivateProfileIntA
GetCommandLineA
GetModuleFileNameA
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
CreateSemaphoreA
OpenSemaphoreA
CreatePipe
GetStartupInfoA
CreateProcessA
WaitForSingleObject
PeekNamedPipe
ReadFile
CloseHandle
LocalFree
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
DeleteFileA
lstrlenA
lstrcmpA
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
MulDiv
IsDBCSLeadByte
GetTempPathA
GetTempFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToTzSpecificLocalTime
GetExitCodeProcess
GetLocalTime
GetVersion
SetFileAttributesA
EnterCriticalSection
InterlockedIncrement
GetLastError
lualibdll
lua_rawget
lua_remove
lua_dobuffer
lua_settop
lua_gettable
lua_execute
lua_compilebuffer
lua_pushstring
lua_settable
lua_pushnil
lua_type
lua_getn
lua_stackspace
lua_error
lua_rawgeti
lua_pushcclosure
lua_setglobal
lua_gettop
lua_isstring
lua_isnumber
lua_tostring
lua_tonumber
lua_pushnumber
lua_newtable
lua_pushusertag
lua_getglobal
lua_pushvalue
msvcp90
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$allocator@D@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?narrow@?$ctype@D@std@@QBEPBDPBD0DPAD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?do_date_order@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MBE?AW4dateorder@time_base@2@XZ
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?is_open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
msvcr90
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_purecall
strncpy
abs
memcpy
sqrt
memmove_s
_chdir
_getcwd
strncmp
_findclose
_findnext64i32
_findfirst64i32
_localtime64
sscanf
strtok
div
strstr
memmove
strtoul
_mktime64
memcmp
freopen
__iob_func
fclose
fabs
clock
strncat
vsprintf
_strtoui64
_mbsstr
_strlwr
sprintf_s
cos
sin
realloc
ceil
floor
strpbrk
putchar
vprintf
atof
abs
_ismbcalpha
_mbschr
_mbsnbcmp
isalnum
_mbscspn
_mbsspn
tolower
toupper
isalpha
isdigit
_wassert
_mbsicmp
isgraph
_CIsqrt
_CIsin
_CIcos
strftime
remove
_mkdir
isspace
isxdigit
isupper
ispunct
isprint
islower
iscntrl
__isascii
memcpy_s
_resetstkoflw
_recalloc
calloc
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
??0exception@std@@QAE@ABV01@@Z
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_beginthreadex
_itoa
_CxxThrowException
atoi
_time64
_ctime64
srand
rand
??2@YAPAXI@Z
??_V@YAXPAX@Z
printf
_strnicmp
strchr
sprintf
strrchr
__CxxFrameHandler
memset
_snprintf
free
_stricmp
??3@YAXPAX@Z
strcmp
_chmod
strcat
strcpy
strlen
malloc
exit
netapi32
Netbios
oleaut32
LoadTypeLib
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
LoadRegTypeLib
SysFreeString
shell32
ShellExecuteExA
ShellExecuteA
user32
OpenClipboard
SetCaretPos
GetClipboardData
SetCursor
LoadCursorFromFileA
IsWindow
GetClassNameA
GetWindow
MoveWindow
GetSysColor
CharNextA
GetClientRect
InvalidateRect
InvalidateRgn
IsChild
GetParent
GetDlgItem
FillRect
CallWindowProcA
DestroyAcceleratorTable
GetFocus
SetFocus
GetDesktopWindow
GetClassInfoExA
CreateAcceleratorTableA
EmptyClipboard
RegisterClipboardFormatA
UnregisterClassA
RegisterClassExA
CreateWindowExA
GetWindowWord
ShowWindow
UpdateWindow
SetClipboardData
wsprintfA
MessageBeep
MessageBoxA
ShowCursor
SetWindowPos
AdjustWindowRectEx
GetMenu
SetWindowLongA
GetWindowLongA
DispatchMessageA
CloseClipboard
InSendMessage
GetMessagePos
ScreenToClient
SetCapture
ReleaseCapture
SetCursorPos
GetWindowTextA
SetWindowTextA
LoadCursorA
DefWindowProcA
PostQuitMessage
EndPaint
GetSystemMetrics
SetTimer
BeginPaint
GetMessageA
TranslateMessage
GetKeyState
PtInRect
ClientToScreen
SendMessageA
PostMessageA
GetWindowTextLengthA
LoadBitmapA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ws2_32
setsockopt
WSASocketA
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSARecv
select
WSASend
recv
gethostbyname
gethostname
WSACloseEvent
WSAEventSelect
WSAGetLastError
WSAStartup
WSACleanup
shutdown
listen
bind
connect
htonl
htons
inet_addr
ioctlsocket
send
socket
inet_ntoa
accept
closesocket
WSACreateEvent
ole32
OleInitialize
OleUninitialize
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
Exports
Exports
Sections
UPX0 Size: 5.0MB - Virtual size: 7.3MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SCY Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE