xopescobal[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

xopescobal.zip
Size

594KB
MD5

a7816e37ca6d24353b6a121a19f89e04
SHA1

ee20047063cdd39c5ebc1fe4ba80a93246433c66
SHA256

73cfce97f633fc65b66744e894cac0dd0dd2fd02db6f15bff1a89e5076f80186
SHA512

7a48c99c92157efbb2fd2f656e56993093a8423f34002e736242bdcc5787eb8be37feb7b7ec31d15877bdd04a3be514416fc97d7c1c6cf144f1ff6287df528f7
SSDEEP

12288:A+DyIchjVK74wCo9xBZk9hhcnxh77RpQ/Pkdq6oGh:7D3cyCmZ2cnD7RkPkdhh

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.ArchiverProviders.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.CoreProviders.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MetaProvider.PowerShell.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MsiProvider.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MsuProvider.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/Microsoft.PowerShell.PackageManagement.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.ArchiverProviders.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.CoreProviders.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MsiProvider.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MsuProvider.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.resources.dll
unpack002/kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PowerShell.PackageManagement.resources.dll

Files

xopescobal.zip
.zip
kl.zip
.zip
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Diagnostics/Comprehensive/Comprehensive.Tests.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Diagnostics/Simple/Simple.Tests.ps1
.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Microsoft.PowerShell.Operation.Validation.Format.ps1xml
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Microsoft.PowerShell.Operation.Validation.psd1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Microsoft.PowerShell.Operation.Validation.psm1
.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/OperationValidationResources.psd1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Microsoft.PowerShell.Operation.Validation.Tests.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example1.Diagnostics/Diagnostics/Simple/Example1.Diagnostics.Tests.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example2.Diagnostics/1.0.1/Diagnostics/Simple/Example2.Diagnostics.Tests.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example2.Diagnostics/1.0.1/Example2.Diagnostics.psd1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example3.Diagnostics/1.1.1/Diagnostics/Simple/Example3A.Diagnostics.Tests.ps1
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example3.Diagnostics/2.0.1/Diagnostics/Simple/Example3B.Diagnostics.Tests.ps1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagement/MSFT_PackageManagement.psm1
.ps1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagement/MSFT_PackageManagement.schema.mof
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagement/en-US/MSFT_PackageManagement.schema.mfl
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagement/en-US/MSFT_PackageManagement.strings.psd1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagementSource/MSFT_PackageManagementSource.psm1
.ps1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagementSource/MSFT_PackageManagementSource.schema.mof
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagementSource/en-US/MSFT_PackageManagementSource.schema.mfl
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagementSource/en-US/MSFT_PackageManagementSource.strings.psd1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/PackageManagementDscUtilities.psm1
.ps1
kl/Modules/PackageManagement/1.0.0.1/DSCResources/en-US/PackageManagementDscUtilities.strings.psd1
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.ArchiverProviders.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.ArchiverProviders.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.CoreProviders.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.CoreProviders.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MetaProvider.PowerShell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.MetaProvider.PowerShell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MsiProvider.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.MsiProvider.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MsuProvider.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.MsuProvider.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PackageManagement.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PowerShell.PackageManagement.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.PowerShell.PackageManagement.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/PackageManagement.format.ps1xml
.xml
kl/Modules/PackageManagement/1.0.0.1/PackageManagement.psd1
kl/Modules/PackageManagement/1.0.0.1/PackageProviderFunctions.psm1
.ps1
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.ArchiverProviders.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.CoreProviders.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MsiProvider.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.MsuProvider.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PackageManagement.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/PackageManagement/1.0.0.1/en/Microsoft.PowerShell.PackageManagement.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kl/Modules/Pester/3.4.0/Build.bat
kl/Modules/Pester/3.4.0/CHANGELOG.md
.ps1
kl/Modules/Pester/3.4.0/Examples/Calculator/Add-Numbers.Tests.ps1
kl/Modules/Pester/3.4.0/Examples/Calculator/Add-Numbers.ps1
kl/Modules/Pester/3.4.0/Examples/Validator/Validator.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Be.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Be.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeGreaterThan.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeGreaterThan.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLessThan.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLessThan.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLike.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLike.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLikeExactly.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeLikeExactly.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeNullOrEmpty.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeNullOrEmpty.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeOfType.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/BeOfType.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Contain.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Contain.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/ContainExactly.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/ContainExactly.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Exist.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Exist.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Match.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Match.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/MatchExactly.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/MatchExactly.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/PesterThrow.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/PesterThrow.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Set-TestInconclusive.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Should.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Should.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Assertions/Test-Assertion.ps1
kl/Modules/Pester/3.4.0/Functions/BreakAndContinue.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/Context.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Context.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Coverage.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Coverage.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Describe.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Describe.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/GlobalMock-A.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/GlobalMock-B.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/In.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/In.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/InModuleScope.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/InModuleScope.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/It.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/It.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Mock.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/Mock.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/New-Fixture.Tests.ps1
kl/Modules/Pester/3.4.0/Functions/New-Fixture.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/PesterState.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/PesterState.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/SetupTeardown.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/SetupTeardown.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/TestDrive.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/TestDrive.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/TestResults.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/TestResults.ps1
.ps1
kl/Modules/Pester/3.4.0/Functions/TestsRunningInCleanRunspace.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/LICENSE
kl/Modules/Pester/3.4.0/Pester.Tests.ps1
.ps1
kl/Modules/Pester/3.4.0/Pester.nuspec
.xml
kl/Modules/Pester/3.4.0/Pester.psd1
kl/Modules/Pester/3.4.0/Pester.psm1
.ps1
kl/Modules/Pester/3.4.0/README.md
.ps1
kl/Modules/Pester/3.4.0/Snippets/Context.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/Describe.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/It.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldBe.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldBeGreaterThan.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldBeLessThan.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldBeNullOrEmpty.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldContain.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldExist.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldMatch.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotBe.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotBeNullOrEmpty.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotContain.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotExist.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotMatch.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldNotThrow.snippets.ps1xml
kl/Modules/Pester/3.4.0/Snippets/ShouldThrow.snippets.ps1xml
kl/Modules/Pester/3.4.0/bin/Pester.bat
kl/Modules/Pester/3.4.0/build.psake.ps1
kl/Modules/Pester/3.4.0/chocolateyInstall.ps1
.ps1
kl/Modules/Pester/3.4.0/en-US/about_BeforeEach_AfterEach.help.txt
kl/Modules/Pester/3.4.0/en-US/about_Mocking.help.txt
.ps1
kl/Modules/Pester/3.4.0/en-US/about_Pester.help.txt
.ps1
kl/Modules/Pester/3.4.0/en-US/about_TestDrive.help.txt
.ps1
kl/Modules/Pester/3.4.0/en-US/about_should.help.txt
.ps1
kl/Modules/Pester/3.4.0/nunit_schema_2.5.xsd
.xml
kl/Modules/PowerShellGet/1.0.0.1/PSGet.Format.ps1xml
.xml
kl/Modules/PowerShellGet/1.0.0.1/PSGet.Resource.psd1
kl/Modules/PowerShellGet/1.0.0.1/PSModule.psm1
.ps1
kl/Modules/PowerShellGet/1.0.0.1/PowerShellGet.psd1
kl/Modules/PowerShellGet/1.0.0.1/en-US/PSGet.Resource.psd1

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 67KB - Virtual size: 66KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 55KB - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 63KB - Virtual size: 63KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 228KB - Virtual size: 227KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 244KB - Virtual size: 244KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 157KB - Virtual size: 157KB

.text
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 55KB - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 228KB - Virtual size: 227KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 244KB - Virtual size: 244KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 157KB - Virtual size: 157KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB