e:\nt_srv\multimedia\dshow\tools\graphedt\graphedt\daytona\obj\i386\graphedt.pdb
Static task
static1
Behavioral task
behavioral1
Sample
GraphEdit.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
GraphEdit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
extrac32.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
extrac32.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
fastopen.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
fastopen.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
fc.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
fc.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
femgrate.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
femgrate.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
find.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
find.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
findstr.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
findstr.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
finger.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
finger.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
fixmapi.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
fixmapi.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
fltMc.exe
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
fltMc.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
fontview.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
fontview.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
forcedos.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
forcedos.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
freecell.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
freecell.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
fsquirt.exe
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
fsquirt.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
fsutil.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
fsutil.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
ftp.exe
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
ftp.exe
Resource
win10v2004-20241007-en
General
Target: 28cf226dd88fc8b1b9bb86ce376b042a_JaffaCakes118
Size: 350KB
MD5: 28cf226dd88fc8b1b9bb86ce376b042a
SHA1: 705f406a37425cacd8b114f28f7bc134efeb1c5d
SHA256: 7f692b4a48b773ce0974d737269dde6a23d75f0c87ed64f01eb624e3fefd29c4
SHA512: 4aed5e569b69182db1f6c3b302593c53aa4e811e96f41f1441a51f7ae7ca94c51ac82a08a77360791ed6c9e6f812d61540a16810c80a1ed0befcac4a31e38311
SSDEEP: 6144:+pgvLwVBLPxv0GAtOL5dQGWxlLd1Vu4uhoaQfeMWdACVSTiDdA:JsJvTL5dQGyR1sonfeaC0ODC
Malware Config
Signatures
-
Unsigned PE 18 IoCs
Checks for missing Authenticode signature.
resource unpack001/GraphEdit.exe unpack001/extrac32.exe unpack001/fc.exe unpack001/femgrate.exe unpack001/find.exe unpack001/findstr.exe unpack001/finger.exe unpack001/fixmapi.exe unpack001/fltMc.exe unpack001/fontview.exe unpack001/forcedos.exe unpack001/freecell.exe unpack001/fsquirt.exe unpack001/fsutil.exe unpack001/ftp.exe unpack001/getmac.exe unpack001/gpresult.exe unpack001/gpupdate.exe
Files
-
28cf226dd88fc8b1b9bb86ce376b042a_JaffaCakes118.rar
-
GraphEdit.exe.exe .vbs windows:5 windows x86 arch:x86 polyglot
ea33fcdb4c0b8ab90387eb3474f81c5c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetCurrentProcessId
SetFilePointer
CreateThread
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
SetEvent
CreateEventA
GetLastError
WaitForSingleObject
lstrcmpiA
CreateFileA
CloseHandle
WideCharToMultiByte
WriteFile
MultiByteToWideChar
lstrlenA
UnhandledExceptionFilter
GetStartupInfoA
lstrcpynW
lstrlenW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
mfc42
msvcrt
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
?terminate@@YAXXZ
__dllonexit
_setmbcp
towupper
strncpy
wcscpy
_onexit
_controlfp
_CxxThrowException
__CxxFrameHandler
_purecall
exit
_cexit
_XcptFilter
_exit
_c_exit
_snwprintf
_itoa
qsort
rand
strrchr
_stricmp
strstr
printf
sscanf
_strnicmp
_ltow
wcslen
advapi32
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegEnumValueA
RegNotifyChangeKeyValue
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
gdi32
StretchBlt
BitBlt
GetObjectA
CreatePen
CreateSolidBrush
CreateFontA
CreateCompatibleDC
GetTextExtentPoint32A
Pie
SetStretchBltMode
GetDeviceCaps
PatBlt
DPtoLP
user32
CheckMenuItem
GetSubMenu
GetMenu
SystemParametersInfoA
MessageBoxA
wvsprintfA
KillTimer
SetTimer
SetRectEmpty
OffsetRect
SetRect
PeekMessageA
wsprintfA
PostMessageA
IsWindow
SendMessageA
GetWindowLongA
EnableWindow
GetDlgItem
SetWindowLongA
RegisterClipboardFormatA
PtInRect
IntersectRect
UnionRect
EnableMenuItem
LoadMenuA
GetWindowRect
ScreenToClient
InvalidateRect
GetCapture
SetCapture
ReleaseCapture
GetDoubleClickTime
GetSystemMetrics
GetCursorPos
GetClientRect
GetDC
ReleaseDC
InflateRect
LoadBitmapA
GetDesktopWindow
SetDlgItemTextA
CallWindowProcA
LoadIconA
IsDlgButtonChecked
AppendMenuA
GetMenuItemCount
RemoveMenu
SetForegroundWindow
MapDialogRect
WinHelpA
MessageBeep
DrawFocusRect
ole32
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoCreateInstance
CoTaskMemFree
CreateBindCtx
MkParseDisplayName
GetRunningObjectTable
StringFromGUID2
oleaut32
SysFreeString
SysStringLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SysAllocString
comdlg32
CommDlgExtendedError
GetOpenFileNameA
comctl32
ImageList_Create
ImageList_ReplaceIcon
ord17
shell32
ShellExecuteA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
quartz
AMGetErrorTextA
Sections
.text Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
extrac32.exe.exe windows:5 windows x86 arch:x86
612a412c2dada94df26a9524db8b1b3a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
extrac32.pdb
Imports
msvcrt
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_exit
__p__fmode
__set_app_type
_except_handler3
_controlfp
_c_exit
exit
strncmp
_iob
fgets
_stricmp
_filelength
getenv
tolower
_chsize
_lseek
strchr
_getch
_chmod
isdigit
atoi
strspn
strpbrk
_eof
_read
_write
strncpy
_mkdir
_errno
__doserrno
_open
printf
_close
_unlink
isalpha
_getdrive
toupper
_stat
_tempnam
_vsnprintf
malloc
_strdup
__p__commode
free
kernel32
GetCurrentThreadId
GetLastError
GetCurrentProcessId
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileAttributesExA
SetFileAttributesA
CloseHandle
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetDriveTypeA
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
CreateFileA
Sleep
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
user32
DispatchMessageA
PeekMessageA
SendDlgItemMessageA
EnableMenuItem
GetSystemMenu
CreateDialogParamA
CharNextExA
DestroyWindow
comctl32
ord17
cabinet
ord24
ord21
ord22
ord23
ord20
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fastopen.exe
-
fc.exe.exe windows:5 windows x86 arch:x86
2d469a9bfb0c647824c75a480b934b46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memmove
_wcsicmp
_wcsupr
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
wcslen
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_initterm
sprintf
kernel32
GetModuleHandleA
ulib
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0PATH@@QAE@XZ
??0PROGRAM@@IAE@XZ
??1PROGRAM@@UAE@XZ
??1PATH@@UAE@XZ
??1OBJECT@@UAE@XZ
??1DSTRING@@UAE@XZ
??1BYTE_STREAM@@UAE@XZ
?Initialize@BYTE_STREAM@@QAEEPAVSTREAM@@K@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??0BYTE_STREAM@@QAE@XZ
?Strcmps@WSTRING@@SGHPAG0@Z
?ReadWLine@STREAM@@QAEEPAGKPAKEK@Z
?FillAndReadByte@BYTE_STREAM@@AAEEPAE@Z
?ReadMbLine@STREAM@@QAEEPADKPAKEK@Z
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
??0FSTRING@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1ARRAY@@UAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?Stricmp@WSTRING@@SGHPAG0@Z
?Strcmp@WSTRING@@SGHPAG0@Z
?Strcmpis@WSTRING@@SGHPAG0@Z
?Stricmp@MBSTR@@SGHPAD0@Z
?Strcmpis@MBSTR@@SGHPAD0@Z
??0DSTRING@@QAE@XZ
?QueryNumber@WSTRING@@QBEEPAJKK@Z
?Initialize@PATH@@QAEEPBV1@E@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARRAY@@QAEEKK@Z
??0STRING_ARGUMENT@@QAE@XZ
??0LONG_ARGUMENT@@QAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
??1FSN_FILTER@@UAE@XZ
?SetName@PATH@@QAEEPBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QAEPAV1@PAV1@@Z
?HasWildCard@PATH@@QBEEXZ
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?TruncateBase@PATH@@QAEEXZ
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
??0FSN_FILTER@@QAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Strcmps@MBSTR@@SGHPAD0@Z
ntdll
RtlFreeHeap
RtlAllocateHeap
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
femgrate.exe.exe windows:5 windows x86 arch:x86
8dbce9bad66a04d041ac9ee29b66d059
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
femgrate.pdb
Imports
msvcrt
_wtoi
wcsrchr
wcsstr
_wcsupr
malloc
free
wcsncmp
__argc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
wcstoul
__argv
advapi32
RegOpenKeyW
RegQueryValueW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyW
kernel32
QueryPerformanceCounter
GetSystemDirectoryW
CreateFileW
CloseHandle
GlobalAlloc
GlobalLock
ReadFile
GetTickCount
WriteFile
GlobalUnlock
GlobalFree
GetWindowsDirectoryW
MoveFileW
LocalAlloc
LocalFree
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar
WritePrivateProfileStringW
lstrlenW
lstrcpyW
lstrcmpiW
GetSystemDefaultLCID
lstrcmpW
lstrcpynW
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetLastError
FindFirstFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
CopyFileW
GetPrivateProfileStringW
CreateDirectoryW
lstrcatW
FreeLibrary
GetProcAddress
LoadLibraryW
user32
wsprintfW
LoadStringW
setupapi
SetupTermDefaultQueueCallback
SetupGetLineTextW
SetupOpenFileQueue
SetupInstallFilesFromInfSectionW
SetupInitDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupGetLineByIndexW
SetupCloseFileQueue
SetupOpenInfFileW
SetupCloseInfFile
SetupGetLineCountW
pSetupGetField
userenv
ord112
ole32
CoCreateInstance
CoInitialize
CoUninitialize
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
find.exe.exe windows:5 windows x86 arch:x86
b4e3e0014699d4808d40d0d755ab546e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_exit
_XcptFilter
_cexit
__initenv
__getmainargs
_initterm
__setusermatherr
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcsupr
_adjust_fdiv
exit
kernel32
CompareStringW
GetModuleHandleA
ulib
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0STREAM_MESSAGE@@QAE@XZ
??0MULTIPLE_PATH_ARGUMENT@@QAE@XZ
??0DSTRING@@QAE@XZ
??0PROGRAM@@IAE@XZ
??1PROGRAM@@UAE@XZ
??1DSTRING@@UAE@XZ
??1MULTIPLE_PATH_ARGUMENT@@UAE@XZ
?Usage@PROGRAM@@UBEXXZ
??1OBJECT@@UAE@XZ
?Initialize@WSTRING@@QAEEPBGK@Z
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z
?SetConsoleConversions@WSTRING@@SGXXZ
?Initialize@WSTRING@@QAEEXZ
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?IsDrive@PATH@@QBEEXZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1ARRAY@@UAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
?Initialize@ARRAY@@QAEEKK@Z
?IsCorrectVersion@SYSTEM@@SGEXZ
?Initialize@PROGRAM@@QAEEKKK@Z
??0FLAG_ARGUMENT@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
??1STREAM_MESSAGE@@UAE@XZ
ntdll
RtlFreeHeap
RtlAllocateHeap
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
findstr.exe.exe windows:5 windows x86 arch:x86
8084d93c613ab1d1513dcb7965a1819a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
findstr.pdb
Imports
msvcrt
__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
clock
setlocale
_setmode
_stricmp
isxdigit
tolower
_isatty
_itoa
fopen
fgets
fclose
strchr
_ultoa
sprintf
isprint
isspace
isalnum
fprintf
malloc
_splitpath
_except_handler3
strncpy
isalpha
_iob
exit
free
strcspn
strcoll
isupper
_strlwr
islower
memmove
_strncoll
_strnicoll
_controlfp
_strupr
kernel32
CreateFileMappingA
FindNextFileA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetUserDefaultLCID
SetThreadLocale
lstrlenA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileSize
FindClose
MapViewOfFile
CloseHandle
UnmapViewOfFile
InitializeCriticalSection
SetConsoleCtrlHandler
ExitProcess
GetFileAttributesA
CreateFileA
FormatMessageA
GetLastError
IsDBCSLeadByte
SetFileApisToOEM
EnterCriticalSection
GetStdHandle
SetConsoleTextAttribute
LeaveCriticalSection
WriteFile
ReadFile
FindFirstFileA
user32
CharToOemA
wsprintfA
ntdll
RtlUnicodeToOemN
RtlMultiByteToUnicodeN
DbgPrint
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
finger.exe.exe windows:5 windows x86 arch:x86
f4f0a9d7971340d0aef4805e0abaf1d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
_XcptFilter
_exit
_c_exit
_cexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_write
strrchr
_iob
fflush
isprint
__getmainargs
__initenv
exit
isspace
putchar
kernel32
GetModuleHandleA
Sleep
FormatMessageA
LocalFree
GetLastError
ws2_32
recv
WSAStartup
gethostname
getaddrinfo
socket
bind
connect
closesocket
send
user32
CharToOemBuffA
mswsock
s_perror
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fixmapi.exe.exe windows:5 windows x86 arch:x86
32398d4ef535166fe3a511a0837e8cb6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetLastError
LoadLibraryA
ExitProcess
user32
wsprintfA
MessageBoxA
Sections
.text Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fltMc.exe.exe windows:5 windows x86 arch:x86
3bf3a95d7fe0954053d19b8b76e34b1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
fltMC.pdb
Imports
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
free
_except_handler3
_wcsicmp
wprintf
advapi32
OpenProcessToken
AdjustTokenPrivileges
kernel32
GetModuleHandleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
GetCurrentProcess
GetLastError
LocalFree
WriteFile
WriteConsoleW
FormatMessageW
FreeLibrary
LoadLibraryExW
SetThreadLocale
GetProcAddress
GetModuleHandleW
GetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
fltlib
FilterAttach
FilterVolumeFindFirst
FilterVolumeFindNext
FilterVolumeFindClose
FilterVolumeInstanceFindFirst
FilterVolumeInstanceFindNext
FilterInstanceFindFirst
FilterAttachAtAltitude
FilterInstanceFindClose
FilterFindFirst
FilterFindNext
FilterFindClose
FilterUnload
FilterLoad
FilterGetDosName
FilterDetach
FilterInstanceFindNext
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fontview.exe.exe windows:5 windows x86 arch:x86
b1438e87294e21921b52df523d06caf3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
fontview.pdb
Imports
msvcrt
_vsnwprintf
_XcptFilter
_cexit
exit
_c_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
kernel32
MultiByteToWideChar
SetThreadLocale
LocalFree
GetThreadLocale
MulDiv
lstrlenW
lstrcmpiW
ExitProcess
GetCommandLineW
GetLastError
FormatMessageW
LocalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetSystemDefaultLangID
CreateFileW
GetFileSize
CloseHandle
GetACP
gdi32
LineTo
RemoveFontResourceW
StartDocW
StartPage
EndPage
EndDoc
SetTextAlign
GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
MoveToEx
AddFontResourceW
GetFontResourceInfoW
GetFontData
GetDeviceCaps
GetStockObject
CreateCompatibleDC
TranslateCharsetInfo
CreateFontIndirectW
SelectObject
GetTextCharsetInfo
DeleteObject
DeleteDC
user32
GetSystemMetrics
GetDesktopWindow
MessageBoxW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
RegisterClassW
CreateWindowExW
CharNextW
PostQuitMessage
DestroyWindow
SetWindowPos
EndPaint
ReleaseDC
FillRect
GetClientRect
BeginPaint
PostMessageW
SendMessageW
DefWindowProcW
EnableWindow
InvalidateRect
MessageBeep
GetSysColorBrush
ScrollWindowEx
DrawTextW
SetRect
LoadStringW
SetCursor
LoadCursorW
SetScrollInfo
comdlg32
PrintDlgW
shell32
SHGetFileInfoW
shlwapi
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathRenameExtensionW
PathFindExtensionW
ole32
CoInitialize
CoUninitialize
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
forcedos.exe.exe windows:5 windows x86 arch:x86
7ce72da8f1739e6febc7251a933c82a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
forcedos_FE.pdb
Imports
user32
LoadStringW
ntdll
RtlOemStringToUnicodeString
wcschr
RtlInitUnicodeString
RtlUnicodeStringToOemString
RtlInitString
msvcrt
__p__fmode
__set_app_type
__p__commode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
kernel32
WriteFile
GetModuleHandleA
GetConsoleOutputCP
GetSystemDefaultLangID
SetThreadLocale
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
SearchPathW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetStdHandle
ExitProcess
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
freecell.exe.exe windows:5 windows x86 arch:x86
dcf6308d9663882cb9775a4d74cd7fe3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
isdigit
time
srand
rand
advapi32
RegSetValueExW
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
kernel32
GetStartupInfoA
GetModuleHandleA
lstrlenW
GetModuleFileNameA
lstrcpynW
GetPrivateProfileIntW
GetProcAddress
LoadLibraryA
gdi32
StretchBlt
BitBlt
SetBkColor
SetRectRgn
GetTextExtentPoint32W
SetTextColor
TextOutW
SetPixel
CreateRectRgn
GetPixel
GetTextMetricsW
GetDeviceCaps
CombineRgn
CreatePen
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
PatBlt
CreateFontIndirectW
DeleteDC
LineTo
MoveToEx
GetStockObject
CreateICW
user32
SetCursor
LoadCursorW
BeginPaint
ShowCursor
FlashWindow
SetTimer
EndPaint
KillTimer
LoadBitmapW
UpdateWindow
ShowWindow
CreateWindowExW
LoadStringW
GetSystemMetrics
SystemParametersInfoW
PostQuitMessage
MessageBoxW
MessageBeep
ReleaseDC
GetDC
DefWindowProcW
GetDesktopWindow
DialogBoxParamW
EnableMenuItem
GetMenu
InvalidateRect
SendMessageW
PostMessageW
SetCapture
ReleaseCapture
DrawMenuBar
RegisterClassW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
EndDialog
GetDlgItem
SetWindowPos
GetWindowRect
GetClientRect
WinHelpW
SetDlgItemInt
GetDlgItemInt
SetWindowTextW
wsprintfW
GetSysColor
GetWindowDC
IsIconic
cards
cdtTerm
cdtInit
cdtDrawExt
shell32
ShellAboutW
comctl32
InitCommonControlsEx
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fsquirt.exe.exe windows:5 windows x86 arch:x86
406caf67c01bf3c0a55e677697a91b8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
fsquirt.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
kernel32
InterlockedDecrement
CreateThread
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
HeapReAlloc
WriteFile
CreateFileW
lstrlenA
SetEvent
LocalFree
GetOverlappedResult
ReadFile
LocalAlloc
GetFileSizeEx
MulDiv
FormatMessageW
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
LoadLibraryExA
HeapAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
GetSystemInfo
GetLocaleInfoA
FlushFileBuffers
InterlockedIncrement
WaitForMultipleObjects
GetLastError
GetModuleHandleA
ResetEvent
HeapFree
GetProcessHeap
CreateEventW
GetStdHandle
CloseHandle
gdi32
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
user32
TranslateMessage
GetMessageW
LoadImageW
GetDC
ReleaseDC
MessageBoxW
SetWindowTextW
ShowWindow
SetDlgItemTextW
SetFocus
SendMessageW
PostThreadMessageW
GetDlgItemTextW
GetDlgItem
GetWindowTextLengthW
EnableWindow
GetWindowLongW
SetWindowLongW
SendDlgItemMessageW
GetParent
PostMessageW
LoadStringW
KillTimer
DispatchMessageW
SetTimer
PostQuitMessage
comctl32
InitCommonControlsEx
PropertySheetW
shell32
SHGetFolderPathW
SHBindToParent
SHGetSpecialFolderPathW
ord155
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ord258
SHSetLocalizedName
comdlg32
GetOpenFileNameW
shlwapi
StrFormatByteSizeW
StrRetToBufW
SHSetValueW
PathFindFileNameW
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW
StrStrIA
PathCombineW
ws2_32
connect
socket
WSASetServiceW
listen
getsockname
bind
WSAGetOverlappedResult
WSASend
WSARecv
setsockopt
getpeername
ioctlsocket
WSAStartup
WSACleanup
closesocket
WSAGetLastError
mswsock
AcceptEx
ole32
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoUninitialize
irprops.cpl
BluetoothAuthenticateDevice
BluetoothEnableDiscovery
BluetoothSelectDevices
BluetoothSelectDevicesFree
BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothGetDeviceInfo
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fsutil.exe.exe windows:5 windows x86 arch:x86
595139380a3ee32e0d97c0b1a0759944
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
isalpha
setlocale
calloc
_wcsnicmp
malloc
_wcsicmp
isdigit
free
wcslen
wcsncat
wcscpy
wcscat
_errno
toupper
swprintf
_wctime
towupper
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_cexit
_XcptFilter
_exit
_c_exit
iswctype
exit
_wcsdup
wprintf
printf
advapi32
LookupPrivilegeValueW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
CheckTokenMembership
RevertToSelf
OpenProcessToken
AdjustTokenPrivileges
OpenEventLogW
ReadEventLogW
LookupAccountSidW
CloseEventLog
LookupAccountNameW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
GetDiskFreeSpaceExW
GetFullPathNameW
GetCurrentThread
GetCurrentProcess
FormatMessageW
LocalFree
GetDateFormatW
GetTimeFormatW
GetFileSizeEx
GetVersionExW
CreateHardLinkW
GetLastError
GetSystemInfo
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
SetFilePointerEx
SetEndOfFile
DeleteFileW
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
CloseHandle
GetModuleHandleA
ntdll
RtlNtStatusToDosError
NtOpenFile
RtlInitUnicodeString
NtSetVolumeInformationFile
NtQueryVolumeInformationFile
RtlTimeToSecondsSince1970
RtlLengthSid
NtQueryQuotaInformationFile
NtSetQuotaInformationFile
NtQueryInformationFile
RtlTimeToTimeFields
ole32
StringFromIID
CoTaskMemFree
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ftp.exe.exe windows:5 windows x86 arch:x86
72461fdf0a8e4b6e7a91d2e92630e1e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
ftp.pdb
Imports
msvcrt
isdigit
sprintf
_write
strchr
_setjmp3
_isatty
clearerr
putchar
tolower
longjmp
exit
islower
toupper
_chdrive
fprintf
_errno
_getcwd
fflush
_mbslen
_mbsnbcnt
_mbsnbcat
printf
getenv
_tempnam
tmpnam
_mbsnbcpy
free
fopen
_unlink
vsprintf
vfprintf
_read
clock
_fstat
_fsopen
_c_exit
_exit
_XcptFilter
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_chdir
_cexit
fclose
_mbscmp
_mbscpy
_mbscat
_mbstrlen
_iob
fgets
_mbschr
atoi
advapi32
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
kernel32
ReadFile
GetConsoleMode
CreateFileA
Sleep
WriteFile
SetConsoleMode
HeapFree
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
HeapAlloc
FindFirstFileA
FindNextFileA
InterlockedExchange
IsDBCSLeadByteEx
GetEnvironmentVariableA
CreateProcessA
WaitForSingleObject
CloseHandle
LoadLibraryExA
GetLastError
GetCurrentDirectoryA
SetConsoleCtrlHandler
GetFileAttributesA
LocalFree
LocalAlloc
FormatMessageA
GetProcessHeap
user32
CharToOemBuffA
OemToCharBuffA
CharNextExA
ws2_32
getnameinfo
ntohs
setsockopt
send
accept
select
__WSAFDIsSet
recv
WSAStartup
getservbyname
socket
WSAGetLastError
htonl
bind
getsockname
connect
shutdown
closesocket
htons
gethostname
getaddrinfo
freeaddrinfo
listen
mswsock
s_perror
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
gdi.exe
-
getmac.exe.exe windows:5 windows x86 arch:x86
c9554e0260bf1a98a7029d163d499f0d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
GetMac.pdb
Imports
msvcrt
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
??3@YAXPAX@Z
?terminate@@YAXXZ
wcstok
??2@YAPAXI@Z
wcslen
wcscpy
__CxxFrameHandler
_wcsicmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
wcschr
strtok
wcstod
wcstol
wcsncmp
_wcsnicmp
realloc
fflush
fprintf
exit
_cexit
_XcptFilter
_exit
_c_exit
_CxxThrowException
wcsstr
calloc
free
_iob
kernel32
GetTimeFormatW
FileTimeToSystemTime
lstrcmpiW
GetConsoleMode
SetConsoleMode
ReadFile
ReadConsoleW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
lstrcmpW
GetComputerNameExW
GetLastError
lstrcpyW
GetStdHandle
GetModuleHandleA
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
WriteConsoleW
InterlockedIncrement
SetLastError
LocalAlloc
lstrlenW
FormatMessageW
lstrcatW
InterlockedDecrement
QueryPerformanceCounter
user32
LoadStringW
CharUpperW
wsprintfW
mpr
WNetAddConnection2W
WNetGetLastErrorW
WNetCancelConnection2W
ole32
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
oleaut32
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SysAllocStringByteLen
VariantInit
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantChangeType
VariantCopy
secur32
GetUserNameExW
ws2_32
WSAGetLastError
WSAStartup
WSACleanup
inet_addr
gethostbyaddr
framedyn
?ReleaseBuffer@CHString@@QAEXH@Z
??YCHString@@QAEABV0@PBG@Z
?Left@CHString@@QBE?AV1@H@Z
??0CHString@@QAE@PBG@Z
??4CHString@@QAEABV0@PBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Find@CHString@@QBEHG@Z
?Mid@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
?Compare@CHString@@QBEHPBG@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
netapi32
NetApiBufferFree
NetWkstaTransportEnum
NetServerGetInfo
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 21B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
gpresult.exe.exe windows:5 windows x86 arch:x86
65c9087f103e78cee79f2a030d21dd4d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
GPRslt.pdb
Imports
user32
LoadStringW
CharUpperW
wsprintfW
mpr
WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W
ole32
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
oleaut32
SysAllocString
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysFreeString
SafeArrayGetElement
secur32
GetComputerObjectNameW
TranslateNameW
GetUserNameExW
ws2_32
WSACleanup
inet_addr
WSAGetLastError
WSAStartup
gethostbyaddr
netapi32
DsGetDcNameW
NetApiBufferFree
NetServerGetInfo
framedyn
??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Format@CHString@@QAAXPBGZZ
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??0CHString@@QAE@ABV0@@Z
??H@YG?AVCHString@@ABV0@PBG@Z
?MakeLower@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
??H@YG?AVCHString@@ABV0@0@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBG@Z
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
ntdsapi
DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsBindWithCredW
msvcrt
calloc
wcstok
wcslen
free
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_iob
wcstod
wcstol
wcsstr
wcsncmp
_wcsnicmp
realloc
fprintf
wcschr
strtok
_CxxThrowException
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
?terminate@@YAXXZ
_controlfp
??1type_info@@UAE@XZ
__set_app_type
_except_handler3
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
wcscpy
_initterm
fflush
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegUnLoadKeyW
RegOpenKeyExW
RegLoadKeyW
OpenProcessToken
RegCloseKey
RegQueryInfoKeyW
RegConnectRegistryW
ConvertStringSidToSidW
LookupAccountSidW
kernel32
SetConsoleMode
GetModuleHandleA
GetConsoleMode
CreateMutexW
CloseHandle
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
lstrlenW
WriteConsoleW
SetConsoleCursorPosition
lstrcmpiW
lstrcpyW
lstrcmpW
InterlockedIncrement
LocalAlloc
ReadFile
ReadConsoleW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
lstrcatW
InterlockedDecrement
GetComputerNameW
lstrcpynW
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetComputerNameExW
WaitForSingleObject
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcess
GetLocalTime
GetDateFormatW
GetTimeFormatW
OpenMutexW
GetLastError
LocalFree
GetUserDefaultLCID
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 21B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
gpupdate.exe.exe windows:5 windows x86 arch:x86
59893350cea7c69190405e7339364268
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
kernel32
LocalFree
LocalReAlloc
LocalAlloc
lstrlenW
FormatMessageW
CloseHandle
WaitForSingleObject
OpenEventW
GetLastError
GlobalFree
WaitForMultipleObjects
CreateThread
GetCurrentProcess
GetModuleHandleW
GetCommandLineW
GetModuleHandleA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
MultiByteToWideChar
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
ReadFile
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
SetFilePointer
SetStdHandle
GetLocaleInfoW
SetThreadUILanguage
user32
ExitWindowsEx
LoadStringW
userenv
ForceSyncFgPolicy
RefreshPolicyEx
shlwapi
wvnsprintfW
shell32
CommandLineToArgvW
ntdll
RtlCopySid
RtlLengthSid
NtQueryInformationToken
RtlConvertSidToUnicodeString
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ