Extracted

• e05450882b77b27ffde9c694a43568391419da965f68bd8f9dcecad9df83c8ec.bin.sample.gz

  .gz
• sample

  .exe windows:4 windows x86 arch:x86

  d66000edfed0a9938162b2b453ffa516

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  user32

  wsprintfA

  kernel32

  GetLocalTime

  GetModuleFileNameA

  GetTempPathA

  GetVolumeInformationA

  LocalAlloc

  LocalFree

  GetCurrentProcess

  SetFilePointer

  Sleep

  SystemTimeToFileTime

  FileTimeToSystemTime

  VirtualFree

  WaitForSingleObject

  WriteFile

  ExitProcess

  CreateThread

  CreateFileA

  CreateEventA

  CloseHandle

  SetEvent

  VirtualAlloc

  advapi32

  RegSetValueExA

  RegCreateKeyExA

  RegCloseKey

  OpenProcessToken

  GetTokenInformation

  GetSidSubAuthority

  RegOpenKeyExA

  RegDeleteValueA

  wsock32

  WSAStartup

  accept

  bind

  closesocket

  connect

  htonl

  htons

  inet_addr

  inet_ntoa

  ioctlsocket

  listen

  recv

  select

  send

  setsockopt

  shutdown

  socket

  ws2_32

  freeaddrinfo

  WSAIoctl

  getaddrinfo

  ole32

  CoInitialize

  CoCreateInstance

  CoUninitialize

  secur32

  GetUserNameExW

  GetUserNameExA

  Sections

  .text

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 500B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 278B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ