f65cb2284d2ab53ee7f9bf44cfc4441e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f65cb2284d2ab53ee7f9bf44cfc4441e_JaffaCakes118
Size

1.1MB
MD5

f65cb2284d2ab53ee7f9bf44cfc4441e
SHA1

138166138d0b881a52dedc2f30a58755ee78da7f
SHA256

6c72ca53cf7dae281a6fcb694d8fa04e78ef85dcb10259b30355c8d04210d776
SHA512

a887572fadcb691ba5b6b11e9197d671c9d42ec47f7c17c481cd336b97994d281740c348f93e7d1668d1fec3f92d48fad113096a669cba0654d93c1a43df97bc
SSDEEP

24576:lBveilRns2lQ+8E7Jp8kGYuVFB65nCdVMWtICrHVWHq4ama:lBveiLQ+8EwkGRslJ04aJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kernel Detective v1.4.1/Kernel Detective v1.4.1/Kernel Detective.exe
unpack001/Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/rx.dll
unpack001/Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/string_imp.dll
unpack001/Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/ucc12.dll
unpack001/Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/KScript.kdp

Files

f65cb2284d2ab53ee7f9bf44cfc4441e_JaffaCakes118
.rar
Kernel Detective v1.4.1/Kernel Detective v1.4.1/DbgView.bat
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Kernel Detective.exe
.exe windows:5 windows x86 arch:x86

4bcd53920522c3cdec5f87bcff7941a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

c:\Kernel Detective\Application\GM\Bin\Kernel Detective.pdb

Imports

comctl32

ord17
ImageList_Create
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_SetBkColor
ImageList_Destroy

kernel32

GetExitCodeThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GlobalLock
GlobalAlloc
GetSystemDirectoryW
WideCharToMultiByte
GlobalUnlock
GetLastError
QueryDosDeviceW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetSystemInfo
GetCommandLineW
CreateMutexW
GetCurrentProcess
GetTickCount
GetModuleFileNameW
DeleteFileW
GetCurrentProcessId
GetCurrentThread
GetVersionExW
lstrlenW
DeviceIoControl
SetThreadAffinityMask
FindFirstFileW
FreeLibrary
IsBadReadPtr
LoadLibraryW
IsBadWritePtr
FindClose
FindNextFileW
OpenProcess
TerminateProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
LoadLibraryA
Thread32First
TerminateThread
Thread32Next
OpenThread
CreateToolhelp32Snapshot
InitializeCriticalSection
SizeofResource
GetProcAddress
CreateFileA
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapCreate
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcessHeap
Sleep
CreateRemoteThread
GetModuleHandleW
CreateThread
CloseHandle
GetCurrentThreadId
GetLocalTime
LockResource
SetThreadPriority
CreateFileW
FlushFileBuffers
IsBadCodePtr
WriteFile
LoadResource
FindResourceW
FindResourceExW
SetEndOfFile
SetFilePointer
FileTimeToSystemTime
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStartupInfoA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree

user32

GetDlgItem
SetWindowLongW
GetWindowLongW
InvalidateRect
DestroyWindow
GetCursorPos
LoadMenuW
GetSubMenu
CreateWindowExW
SetTimer
SetWindowTextW
DestroyMenu
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuItemCount
CreateDialogParamW
CreatePopupMenu
ShowWindow
SendMessageW
CallWindowProcW
MoveWindow
TrackPopupMenu
CheckDlgButton
GetParent
DestroyIcon
PostMessageW
CloseClipboard
wsprintfW
EmptyClipboard
OpenClipboard
SetClipboardData
GetWindowTextLengthW
IsDlgButtonChecked
GetDlgItemTextA
SetMenuItemInfoW
SetDlgItemTextA
TranslateAcceleratorW
GetMenuItemID
DialogBoxParamW
CallNextHookEx
GetClientRect
SetFocus
LoadAcceleratorsW
GetMenu
LoadIconW
AppendMenuW
GetClassNameW
EnableMenuItem
EndDialog
SendDlgItemMessageW
SetWindowPos

gdi32

CreateFontW
SetTextColor
SetBkMode
DeleteObject
SelectObject
CreateSolidBrush
SetBkColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken

shell32

ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateGuid

dbghelp

SymEnumSymbolsW
SymFunctionTableAccess64
SymInitializeW
SymGetSymFromAddr64
SymCleanup
SymUnloadModule64
SymGetModuleInfoW64
SymSetOptions
MiniDumpWriteDump
SymGetModuleInfoW
SymLoadModule64
SymGetModuleBase64
StackWalk64

shlwapi

SHDeleteKeyW

psapi

EnumDeviceDrivers
GetDeviceDriverBaseNameW

wintrust

CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

imagehlp

UnMapAndLoad
MapAndLoad

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 398KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/KeDetective.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/Script ext.txt
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/example/diskio.kds
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/example/hxdmp.kds
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/example/scsi.kds
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/_end_shared.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/_shared_lib.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/algorithm
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/assert.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cctype
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/classlib.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cmath
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cstdarg.txt
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cstdio
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cstdlib
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/cstring
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/for_each.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/foreach2.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/fstream
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/fstream.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/glib.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/header.cpp
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/io.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/iostream
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/iostream.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/list
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/list.new
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/listx
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/malloc.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/map
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/math.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/new-stdlib.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/old-string
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/regexp.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/rx++.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/self.imp
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/sstream
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/stdarg.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/stddef.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/stdio.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/stdlib.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/string
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/string.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/strstrea.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/strstream.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/test-stdarg.uc
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/time.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/turtle.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/uc_except.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/uc_save.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/uc_timer.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri/persist.h
.js
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri/profile.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri/refs.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri/trace.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/ucri/utils.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/vector
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/winbase.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/windows.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/wininet.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/winuser.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/xgdk/gdk.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/include/yawl.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/extract.awk
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/rx.dll
.dll windows:4 windows x86 arch:x86

3c61d856560a34b2d94cc528cc6f9c14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
FlushFileBuffers
ReadFile
SetStdHandle
CloseHandle

Exports

Exports

regcomp
regerror
regexec
regfree
regncomp
regnexec
rx_regexec
rx_regmatch

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/rx.lib
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/lib/string_imp.dll
.dll windows:4 windows x86 arch:x86

0e9a94e5049f66c8110d6f1ac35bd709

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStringsW
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

??0string@@QAE@ABV0@@Z
??0string@@QAE@KD@Z
??0string@@QAE@PBD@Z
??0string@@QAE@PBDH@Z
??0string@@QAE@XZ
??1string@@QAE@XZ
??4string@@QAEAAV0@ABV0@@Z
??4string@@QAEAAV0@PAD@Z
??8string@@QBE_NABV0@@Z
??8string@@QBE_NPBD@Z
??9@YA_NABVstring@@0@Z
??9@YA_NABVstring@@PBD@Z
??Astring@@QAEAADK@Z
??Astring@@QBEDK@Z
??H@YA?AVstring@@ABV0@0@Z
??H@YA?AVstring@@ABV0@PAD@Z
??M@YA_NABVstring@@0@Z
??O@YA_NABVstring@@0@Z
??Ystring@@QAEAAV0@ABV0@@Z
??Ystring@@QAEAAV0@D@Z
??Ystring@@QAEAAV0@PAD@Z
?append@string@@QAEXPAD@Z
?begin@string@@QBEPADXZ
?bound@string@@QBEKK@Z
?c_str@string@@QBEPADXZ
?compare@string@@QBEHABV1@@Z
?compare@string@@QBEHPBD@Z
?copy@string@@QAEXPAD@Z
?empty@string@@QBE_NXZ
?end@string@@QBEPADXZ
?find@string@@QBEKABV1@@Z
?find@string@@QBEKD@Z
?find@string@@QBEKPAD@Z
?insert@string@@QAEXKABV1@@Z
?length@string@@QBEKXZ
?push_back@string@@QAEXD@Z
?replace@string@@QAEAAV1@KKABV1@@Z
?replace@string@@QAEAAV1@KKPAD@Z
?resize@string@@QAEXK@Z
?rfind@string@@QBEKD@Z
?size@string@@QBEKXZ
?substr@string@@QBE?AV1@KK@Z

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/CPP/ucc12.dll
.dll windows:4 windows x86 arch:x86

fd9edacf655544d91c52702fd1b8b0c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
OpenFile
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleHandleA
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
MoveFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA

Exports

Exports

??0FBlock@@QAE@PAUInstruction@@H@Z
??0XClass@@QAE@ABV0@@Z
??0XClass@@QAE@PAVNamedTable@@@Z
??0XEntry@@QAE@PAUEntry@@@Z
??0XFunction@@QAE@PAVFunction@@@Z
??0XModule@@QAE@PAVModule@@@Z
??0XNTable@@QAE@ABV0@@Z
??0XNTable@@QAE@PAVNamedTable@@@Z
??0XTemplateFun@@QAE@PAVTemplateEntry@@@Z
??0XTrace@@QAE@ABV0@@Z
??0XTrace@@QAE@_N@Z
??0XType@@QAE@PAVType@@@Z
??4FBlock@@QAEAAU0@ABU0@@Z
??4XClass@@QAEAAV0@ABV0@@Z
??4XEntry@@QAEAAV0@ABV0@@Z
??4XFunction@@QAEAAV0@ABV0@@Z
??4XModule@@QAEAAV0@ABV0@@Z
??4XNTable@@QAEAAV0@ABV0@@Z
??4XTemplateFun@@QAEAAV0@ABV0@@Z
??4XTrace@@QAEAAV0@ABV0@@Z
??4XType@@QAEAAV0@ABV0@@Z
??_7XClass@@6B@
??_7XNTable@@6B@
??_7XTrace@@6B@
??_FFBlock@@QAEXXZ
??_FXEntry@@QAEXXZ
??_FXFunction@@QAEXXZ
??_FXTrace@@QAEXXZ
?addr_mode@XEntry@@QAEHXZ
?args@XFunction@@QAEAAV?$listx@PAVXType@@@@XZ
?as_class@XType@@QBEPAVXClass@@XZ
?as_str@XFunction@@QAEXAAVstring@@@Z
?as_str@XType@@QBEPADXZ
?base_class@XClass@@QAEPAV1@XZ
?base_entry@XEntry@@QAEPAV1@XZ
?class_obj@XClass@@QAEPAVClass@@XZ
?classes@XModule@@QAEAAV?$listx@PAVXClass@@@@XZ
?clone@XEntry@@QAEPAV1@XZ
?create@FBlock@@SAPAU1@PAUEntry@@PAVClass@@@Z
?create@XClass@@QAEPAXXZ
?create@XNTable@@QAEPAVXEntry@@PADPAVXType@@@Z
?data@XEntry@@QAEHXZ
?dispose_of_entries@XNTable@@SAXAAV?$listx@PAVXEntry@@@@@Z
?do_enter@XTrace@@QAE_NXZ
?do_leave@XTrace@@QAE_NXZ
?enter@XTrace@@UAEXPAUXExecState@@@Z
?entry@XEntry@@QAEPAXXZ
?eval@XFunction@@QAEHPAX00@Z
?fblock@XFunction@@QAEPAXXZ
?filename@XModule@@QAEPADXZ
?finalize@FBlock@@QAEXH@Z
?from_fb@XFunction@@SAPAV1@PAX@Z
?from_id@XModule@@SAPAV1@H@Z
?from_name@XModule@@SAPAV1@PAD@Z
?from_str@XType@@SAPAV1@PAD@Z
?fun@XFunction@@QAEPAXXZ
?function@XEntry@@QAEPAVXFunction@@H@Z
?functions@XModule@@QAEAAV?$listx@PAVXFunction@@@@XZ
?functions@XNTable@@QAEAAV?$listx@PAVXFunction@@@@H@Z
?get_args@XFunction@@QAEXPAV?$listx@PAVXType@@@@PAV?$listx@Vstring@@@@@Z
?get_class_of@XClass@@SAPAV1@PAX@Z
?get_functions@XNTable@@QAEXAAV?$listx@PAVXFunction@@@@HPAD@Z
?get_template@XClass@@QAEPAVXTemplateFun@@XZ
?get_trace@XFunction@@QAEPAVXTrace@@XZ
?get_variables@XNTable@@QAEXAAV?$listx@PAVXEntry@@@@HPAD@Z
?has_VMT@XClass@@QAE_NXZ
?inherits_from@XClass@@QAEHPAV1@@Z
?instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?ip_to_line@XFunction@@QAEHPAX@Z
?is_array@XType@@QBE_NXZ
?is_bool@XType@@QBE_NXZ
?is_char@XType@@QBE_NXZ
?is_class@XType@@QBE_NXZ
?is_const@XType@@QBE_NXZ
?is_double@XType@@QBE_NXZ
?is_float@XType@@QBE_NXZ
?is_function@XType@@QBE_NXZ
?is_int@XType@@QBE_NXZ
?is_long@XType@@QBE_NXZ
?is_namespace@XType@@QBE_NXZ
?is_number@XType@@QBE_NXZ
?is_object@XType@@QBE_NXZ
?is_pointer@XType@@QBE_NXZ
?is_reference@XType@@QBE_NXZ
?is_short@XType@@QBE_NXZ
?is_signature@XType@@QBE_NXZ
?is_single@XType@@QBE_NXZ
?is_unsigned@XType@@QBE_NXZ
?is_void@XType@@QBE_NXZ
?leave@XTrace@@UAEXPAUXExecState@@@Z
?lists@XModule@@SAAAV?$listx@PAVXModule@@@@XZ
?lookup@XNTable@@UAEPAVXEntry@@PAD_N@Z
?lookup_class@XNTable@@QAEPAVXClass@@PAD_N@Z
?lookup_local@XFunction@@QAEPAVXEntry@@PAD@Z
?lookup_template@XNTable@@QAEPAVXTemplateFun@@PAD_N@Z
?match_instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?module@XFunction@@QAEHXZ
?name@XEntry@@QAEPADXZ
?name@XFunction@@QAEPADXZ
?name@XNTable@@QAEPADXZ
?name@XTemplateFun@@QAEPADXZ
?native_addr@FBlock@@QAEPAXXZ
?nfun@XEntry@@QAEHXZ
?no_template_parms@XClass@@QAEHXZ
?offset@XNTable@@QAEHPAX@Z
?pcode@XFunction@@QAEPAUXInstruction@@XZ
?pointer_depth@XType@@QBEHXZ
?ptr@XEntry@@QAEPAXPAX@Z
?ret_type@XFunction@@QAEPAVXType@@XZ
?set_class_of@XClass@@QAEXPAX@Z
?set_data@XEntry@@QAEXH@Z
?set_on_entry@XTrace@@QAEX_N@Z
?set_on_exit@XTrace@@QAEX_N@Z
?set_ptr@XEntry@@QAEXPAX0@Z
?set_trace@XFunction@@QAEXPAVXTrace@@@Z
?set_tracing@XFunction@@SAX_N@Z
?size@XEntry@@QAEHXZ
?size@XType@@QBEHXZ
?str_to_val@XEntry@@QAEXPADPAX@Z
?str_to_val@XType@@QAEXPADPAX@Z
?table@XNTable@@QAEPAVNamedTable@@XZ
?template_parm@XClass@@QAEPAVXType@@H@Z
?type@XEntry@@QAEPAVXType@@XZ
?type@XType@@QAEPAVType@@XZ
?typelist@XType@@SAAAV?$listx@PAVXType@@@@PAV1@ZZ
?uc_global@@YAPAVXNTable@@XZ
?uc_std@@YAPAVXNTable@@XZ
?uc_ucri_init@@YAXXZ
?ucri_instruction_counter@@YAPAK_N@Z
?val_as_str@XEntry@@QAEXAAVstring@@PAX@Z
?val_as_str@XType@@QBEXAAVstring@@PAX@Z
?variables@XNTable@@QAEAAV?$listx@PAVXEntry@@@@H@Z
?where@XFunction@@QAEHAAVstring@@@Z
_uc_compile@8
_uc_compile_fn@8
_uc_error@8
_uc_error_pos@4
_uc_eval@12
_uc_eval_exp@12
_uc_eval_method@16
_uc_exec@4
_uc_finis@0
_uc_import@8
_uc_include@4
_uc_init@8
_uc_init_ref@12
_uc_interactive_loop@0
_uc_load@4
_uc_main@8
_uc_main_window@0
_uc_result@8
_uc_run@0
_uc_set_quote@8
uc_eval_args
uc_eval_method_args

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/KScript.kdp
.dll windows:5 windows x86 arch:x86

d669217947123a32503483cd95779612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

kernel32

GetFileSizeEx
GetProcAddress
CloseHandle
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableW
CreateFileW
LoadLibraryA
FlushFileBuffers
CreateFileA
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
GetModuleFileNameW
LoadLibraryW
WriteFile
HeapSize
GetModuleHandleW
FreeLibrary
GetEnvironmentVariableW
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetLastError
MultiByteToWideChar
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetFileType
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA

user32

GetWindowTextLengthW
GetWindowRect
PostMessageW
DialogBoxParamW
SendMessageA
LoadIconW
GetWindowTextA
GetWindowLongW
GetDlgItem
SetWindowLongW
EndDialog
ShowWindow
IsDlgButtonChecked
MessageBoxW
SetWindowTextA
SendMessageW
SetWindowTextW
CallWindowProcW
MoveWindow
MessageBoxA

gdi32

SetBkColor
CreateFontW
CreateSolidBrush
SetTextColor

comdlg32

GetOpenFileNameA
GetSaveFileNameW

shell32

DragFinish
DragQueryPoint
DragAcceptFiles
DragQueryFileA

Exports

Exports

KdDestroyPlugin
KdInitPlugin
KdOnProcessChange

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/Null/Null/Kdp.h
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/Null/Null/Null.cpp
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/Null/Null/Null.def
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Plugins/Null/Null/Null.vcproj
.xml
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Readme.txt
Kernel Detective v1.4.1/Kernel Detective v1.4.1/Settings.ini
Kernel Detective v1.4.1/Kernel Detective v1.4.1/dbghelp.dll
.dll windows:6 windows x86 arch:x86

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bcd53920522c3cdec5f87bcff7941a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dbghelp

shlwapi

psapi

wintrust

imagehlp

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 22KB - Virtual size: 37KB

.rsrc Size: 398KB - Virtual size: 400KB

3c61d856560a34b2d94cc528cc6f9c14

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

0e9a94e5049f66c8110d6f1ac35bd709

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

fd9edacf655544d91c52702fd1b8b0c9

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 340KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 20KB - Virtual size: 594KB

.tls Size: 4KB - Virtual size: 12B

.reloc Size: 28KB - Virtual size: 27KB

d669217947123a32503483cd95779612

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 22KB - Virtual size: 37KB

.rsrc
Size: 398KB - Virtual size: 400KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 20KB - Virtual size: 594KB

.tls
Size: 4KB - Virtual size: 12B

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB

61:05:f7:1e:00:00:00:00:00:32
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 18KB - Virtual size: 112KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 60KB - Virtual size: 59KB