New folder (2)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

New folder (2).rar
Size

3.7MB
MD5

f8410956c346cd59ed8097e7d9d09fe5
SHA1

7521bd800298e80a97e91c7e9c0814d6d1dcca85
SHA256

49f236dbcde6f32d6573c8d4ca9922b4f9a60a18aacea5c2421d08997ef14a33
SHA512

85f7e5ef7cabc63b6b1797f22f2e25dbfd1f046251258d6bceaf87d231c01f545467ac50a0a0fd2186342dd45fe1bab7077c3fdb61b1f475ff17911a204053d9
SSDEEP

98304:oeRzhLCpeWvgPdVWQO5J9kgMUKqxKB3773C:geWvglMQ9gMUKqwB3q

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/childmoney.exe	aspack_v212_v242
static1/unpack001/95e95a5be0b57cee969c5d9f616be2e973bc08a77482c75570936faaaaa35063	aspack_v212_v242
static1/unpack001/a935725900d1ad19b92bcda1c0d612bccccd8bba53dd6e13cabe6d59d7874607	aspack_v212_v242
static1/unpack001/fda537bc5e4051c8c69491089041df58483e31f410f180c5767901a53a67f9ad	aspack_v212_v242

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/50e0f20cb3844c6b0ddc4af01daf274b7ebdddd0d322f06f05b7d6fec7c16869	upx
static1/unpack001/e3c6c48ba7d213e5c5c31f43d70dc4ca1709fc29e06883f64487ad049a520b87	upx
static1/unpack001/edbb453cc08e8ac79d0c60c0f1ca3803060e8c3a4dd2e2a7b40c50ec3fb0dd46	upx

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0b42c766b056ee3a04b2e0b833c4f42e1520516e047330df3c5640dfcc492232
unpack001/11f9bb7186adbefb2633904f1626b20f3f8d0d3ecb98e55a3a81e6a17039786b
unpack002/childmoney.exe
unpack001/1c281ece6f6be8983f6f858636ddf9169dcb00ec2c0a98d0797bf8d3619cb22a
unpack001/32bb88fa592ba0f338d58730d224728823684134157afe5892f5bbd8c042d54b
unpack001/5056cbe5539d0e171c81451306f2a970b43a6039dd847316a96f24be7b19453d
unpack001/50e0f20cb3844c6b0ddc4af01daf274b7ebdddd0d322f06f05b7d6fec7c16869
unpack001/57bbc27030a7c47b62aa08d6d05b6c7eee36010246260924ed6b85ff7e53917b
unpack001/6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
unpack001/72745efc423d4adb76434360755cfbc3cfe8fa47ba8e5fa2920ada7dc9ceb146
unpack001/751fb51baa5a4ed44c9c2bb45b824831914025e87d4d866e5861a38f734d8bfe
unpack001/95e95a5be0b57cee969c5d9f616be2e973bc08a77482c75570936faaaaa35063
unpack001/a935725900d1ad19b92bcda1c0d612bccccd8bba53dd6e13cabe6d59d7874607
unpack001/c19093138028ea6a6a6665e270c36558757931f1d7f6f88910b08e39903a1774
unpack001/dafc6c03ef671f66ddbe47e6eee600d2dfa894eee1c1b67d51d3a24532f58e19
unpack001/e3c6c48ba7d213e5c5c31f43d70dc4ca1709fc29e06883f64487ad049a520b87
unpack004/out.upx
unpack001/edbb453cc08e8ac79d0c60c0f1ca3803060e8c3a4dd2e2a7b40c50ec3fb0dd46
unpack001/f633e6f25507a6d99ad2474ca4528ef4fdf8f124cade2daa51d310733a62114b
unpack001/fda537bc5e4051c8c69491089041df58483e31f410f180c5767901a53a67f9ad

Files

New folder (2).rar
.rar
0b42c766b056ee3a04b2e0b833c4f42e1520516e047330df3c5640dfcc492232
.exe windows:4 windows x86 arch:x86

3222589fbfd9f1944dd018dd514b4146

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaI2Abs
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaBoolStr
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
ord520
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord714
__vbaVarDiv
__vbaI2Str
ord608
ord716
__vbaFPException
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
ord320
__vbaStrToAnsi
__vbaVarDup
ord612
ord321
__vbaFpI4
__vbaVarCopy
ord616
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
ord618
__vbaAryCopy
__vbaStrMove
__vbaUI1Str
ord619
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
11f9bb7186adbefb2633904f1626b20f3f8d0d3ecb98e55a3a81e6a17039786b
.exe windows:4 windows x86 arch:x86

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Download\test123\3434\Release\3434.pdb

Imports

kernel32

FreeEnvironmentStringsA
GetModuleHandleA
_lclose
_lread
_lopen
GlobalAlloc
GetSystemTime
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA

Sections

.text
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
141f3f9f7a1e2da7213e940e45e364536a02deea4815743a84942b79e974feae
.zip
childmoney.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 286KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aws
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1c281ece6f6be8983f6f858636ddf9169dcb00ec2c0a98d0797bf8d3619cb22a
.exe windows:4 windows x86 arch:x86

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Download\test123\3434\Release\3434.pdb

Imports

kernel32

FreeEnvironmentStringsA
GetModuleHandleA
_lclose
_lread
_lopen
GlobalAlloc
GetSystemTime
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA

Sections

.text
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
32bb88fa592ba0f338d58730d224728823684134157afe5892f5bbd8c042d54b
.exe windows:4 windows x86 arch:x86

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Download\test123\3434\Release\3434.pdb

Imports

kernel32

FreeEnvironmentStringsA
GetModuleHandleA
_lclose
_lread
_lopen
GlobalAlloc
GetSystemTime
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA

Sections

.text
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5056cbe5539d0e171c81451306f2a970b43a6039dd847316a96f24be7b19453d
.exe windows:4 windows x86 arch:x86

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Download\test123\3434\Release\3434.pdb

Imports

kernel32

FreeEnvironmentStringsA
GetModuleHandleA
_lclose
_lread
_lopen
GlobalAlloc
GetSystemTime
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA

Sections

.text
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
50e0f20cb3844c6b0ddc4af01daf274b7ebdddd0d322f06f05b7d6fec7c16869
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
57bbc27030a7c47b62aa08d6d05b6c7eee36010246260924ed6b85ff7e53917b
.exe windows:4 windows x86 arch:x86

86f57fad917d7e96c841ecb1f736e6d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrcmpiA
CreateFileW
GetLastError
GetCurrentProcess
HeapAlloc
ExitProcess
SetEvent
CreateEventA
FormatMessageW
GlobalAlloc
VirtualAlloc
GetStartupInfoW

user32

GetSysColor
GetSystemMetrics
LoadIconW
LoadCursorA

advapi32

RegQueryValueExW
RegOpenKeyExA

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
65a84ff98e09a002d01b1c2935ca603125c8ddcb5c5824da9cc60787594a5202
.exe windows:4 windows x86 arch:x86

b539ba57c9134034b6a0c2dbb2798134

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:d1:6e:07:60:17:ab:24:96:50:62:41:77:87:7a:9d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-06-2012 00:00

Not After

14-06-2013 23:59

Subject

CN=JORGE CHONG VELASCO,O=JORGE CHONG VELASCO,POSTALCODE=042,STREET=JR. LIMA 1154,L=TARAPOTO,ST=SAN MARTIN,C=PE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:f7:fd:ee:a9:d2:a2:26:c3:db:da:90:64:6b:07:29:bb:d9:f0:be
Signer

Actual PE Digest

7c:f7:fd:ee:a9:d2:a2:26:c3:db:da:90:64:6b:07:29:bb:d9:f0:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
CreateFileA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
.exe windows:4 windows x86 arch:x86

4bb6a4eac6dc09b9aef584dcfb9dfb18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CreateSemaphoreA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
cos
fflush
fopen
fprintf
free
malloc
signal
strcmp

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
ShowWindow
TranslateMessage

comctl32

InitCommonControls

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 480B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
72745efc423d4adb76434360755cfbc3cfe8fa47ba8e5fa2920ada7dc9ceb146
.exe windows:4 windows x86 arch:x86

bd4014bbd2c460069308039b1e5ab9b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glReadBuffer
glGetBooleanv
glPixelTransferi
glGetTexEnvfv
glRasterPos3i
glRasterPos3fv
glTexParameteri
glVertex2iv
glScalef
glArrayElement
glEnableClientState
glRectiv
glLightiv

ole32

CoUnmarshalInterface
GetRunningObjectTable
CreateAntiMoniker
WriteFmtUserTypeStg
CoCreateInstance
DoDragDrop
OleCreateFromDataEx
StgCreateDocfile
OleNoteObjectVisible
OleRun
CoLockObjectExternal
OleQueryCreateFromData
MkParseDisplayName

gdi32

CreateDCW
ChoosePixelFormat
ExtFloodFill
CreateDiscardableBitmap
CreateFontW
EqualRgn
GetBkColor
GetAspectRatioFilterEx
CombineTransform
Escape
DescribePixelFormat
DrawEscape
BitBlt

advapi32

RegOpenKeyExA
RegLoadKeyA
ReportEventA
CloseEventLog
NotifyChangeEventLog
GetTokenInformation
OpenEventLogA
RegQueryValueExA
RegSetValueA

kernel32

GetPrivateProfileSectionA
GetModuleHandleA
GetProcAddress
SuspendThread
GetModuleFileNameA
GetCommandLineA
GetEnvironmentStrings
SetHandleInformation
GetVersion
SetEvent
GetCurrentProcess
ReleaseMutex
TlsSetValue
VirtualAllocEx
GetCurrentProcessId
CloseHandle
GetProcessHeap
GetStdHandle
GetStartupInfoA

secur32

AcceptSecurityContext
MakeSignature
CompleteAuthToken

avifil32

AVIBuildFilterW
AVIStreamFindSample
AVISaveVW
EditStreamSetInfoW
AVIMakeCompressedStream
AVIStreamOpenFromFileA
AVIFileInfoA
AVIClearClipboard
AVIStreamReadData

msvfw32

ICGetInfo
ICInfo
GetOpenFileNamePreviewA

uxtheme

GetThemeIntList
DrawThemeEdge
SetWindowTheme
DrawThemeText
GetThemePosition
OpenThemeData
GetThemeSysBool
IsThemeActive
EnableTheming

ws2_32

gethostbyname
recv
getsockopt
accept
getservbyname
socket
recvfrom
send
gethostbyaddr
getpeername
getservbyport
sendto

wsnmp32

ord200

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
751fb51baa5a4ed44c9c2bb45b824831914025e87d4d866e5861a38f734d8bfe
.exe windows:4 windows x86 arch:x86

bedea59ac3b04043f81abb44474429b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetExitCodeProcess
GetLastError
CreateProcessA
WinExec
DeleteFileW
SearchPathA
GetShortPathNameA
DeleteFileA
GetSystemDirectoryW
GetShortPathNameW
ExitProcess
CreateMutexW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
TerminateProcess
SetStdHandle
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetModuleFileNameA
CreateFileA
GetFileSize
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
ReadFile
GetModuleFileNameW
GetTickCount
CreateFileW
WriteFile
WriteConsoleA
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RaiseException
MultiByteToWideChar
HeapAlloc
HeapFree
RtlUnwind
ExitThread
ResumeThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize

user32

GetDesktopWindow
GetClientRect
GetWindowRect
GetWindowDC
RedrawWindow
DrawTextW
SetTimer
GetDC
GetWindowTextW
MoveWindow
RegisterHotKey
LoadCursorW
RegisterClassExW
ShowWindow
UpdateWindow
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
DefWindowProcW
KillTimer
PostQuitMessage
BeginPaint
EndPaint
GetWindowLongW
ReleaseDC

gdi32

SetBkMode
SetTextColor
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetDIBits
DeleteDC
SetDIBitsToDevice
CreateFontW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wininet

HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpOpenRequestW

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
95e95a5be0b57cee969c5d9f616be2e973bc08a77482c75570936faaaaa35063
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 286KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aws
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a935725900d1ad19b92bcda1c0d612bccccd8bba53dd6e13cabe6d59d7874607
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 286KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aws
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c19093138028ea6a6a6665e270c36558757931f1d7f6f88910b08e39903a1774
.dll windows:5 windows x86 arch:x86

af99cefc9e3a2c01c0a01fb0dd2ccc4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
ExitProcess
CreateFileA
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVersion
AllocConsole
AssignProcessToJobObject
BeginUpdateResourceA
BuildCommDCBAndTimeoutsA
CallNamedPipeA
CopyFileExA
CreateDirectoryA
CreateRemoteThread
CreateTapePartition
DeleteCriticalSection
DeleteTimerQueueTimer
EnumCalendarInfoExA
EnumResourceNamesA
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindNextFileW
FindNextVolumeA
FoldStringW
FreeEnvironmentStringsA
FreeResource
GetAtomNameA
GetCPInfo
GetCPInfoExA
GetCommTimeouts
GetCompressedFileSizeA
GetConsoleAliasA
GetConsoleAliasesW
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentConsoleFont
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentVariableA
GetExitCodeProcess
GetHandleInformation
GetLocaleInfoW
GetNumberOfConsoleInputEvents
GetPrivateProfileStringW
GetProfileSectionW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetVolumeNameForVolumeMountPointA
GlobalAddAtomA
GlobalAddAtomW
GlobalCompact
GlobalReAlloc
Heap32ListNext
HeapFree
HeapSize
HeapWalk
InitializeCriticalSectionAndSpinCount
InterlockedExchange
IsBadCodePtr
IsDebuggerPresent
IsValidLanguageGroup
LocalLock
LockFileEx
Module32First
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
Process32FirstW
Process32NextW
ResetEvent
ScrollConsoleScreenBufferA
SetConsoleCP
SetConsoleDisplayMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetCurrentDirectoryW
SetFileAttributesA
SetLocalTime
SetMessageWaitingIndicator
SetProcessAffinityMask
SetThreadPriorityBoost
SetVolumeLabelA
SetWaitableTimer
TerminateJobObject
UnhandledExceptionFilter
VerifyVersionInfoA
VirtualLock
VirtualProtectEx
WriteFileGather
WritePrivateProfileSectionA
WriteProfileStringA
_lcreat
_lread
lstrlenW

user32

LoadBitmapA
ChangeDisplaySettingsA
ChangeMenuW
CharLowerBuffW
CharNextA
CharPrevExA
CharToOemBuffW
CharUpperBuffW
CheckMenuRadioItem
CreateDesktopW
CreateIconFromResource
DdeCreateStringHandleA
DeferWindowPos
DlgDirListComboBoxW
DlgDirSelectExA
DragObject
DrawTextExA
EnableMenuItem
EnumDisplaySettingsA
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumWindows
ExcludeUpdateRgn
FlashWindow
FlashWindowEx
GetCapture
GetCaretPos
GetClipboardOwner
GetDlgItem
GetKeyNameTextW
GetMenuBarInfo
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemRect
GetMessagePos
GetOpenClipboardWindow
GetProcessWindowStation
GetQueueStatus
GetScrollInfo
GetScrollRange
GetTabbedTextExtentA
GetWindowInfo
GetWindowModuleFileNameW
GetWindowRgn
IMPQueryIMEW
ImpersonateDdeClientWindow
IsRectEmpty
LoadMenuA
LoadMenuIndirectW
LookupIconIdFromDirectory
MapVirtualKeyExW
MapWindowPoints
MessageBoxIndirectW
ModifyMenuA
MsgWaitForMultipleObjects
NotifyWinEvent
OpenClipboard
OpenWindowStationW
PeekMessageA
PostMessageA
RegisterClassExA
RegisterDeviceNotificationA
ReleaseCapture
ScreenToClient
SendMessageCallbackA
SendMessageCallbackW
SendMessageW
SendNotifyMessageA
SetCaretBlinkTime
SetCaretPos
SetCursorPos
SetDeskWallpaper
SetMenuItemBitmaps
SetScrollInfo
SetWindowRgn
SetWindowTextW
SetWindowsHookA
SetWindowsHookExA
ShowWindow
TabbedTextOutW
TileChildWindows
TileWindows
ToUnicode
TranslateMDISysAccel
UnhookWindowsHookEx
VkKeyScanA
VkKeyScanExA
WINNLSEnableIME
WaitForInputIdle

ole32

CLIPFORMAT_UserMarshal
CLIPFORMAT_UserUnmarshal
CLSIDFromProgID
CLSIDFromString
CoBuildVersion
CoCreateInstance
CoCreateObjectInContext
CoDisableCallCancellation
CoEnableCallCancellation
CoFreeUnusedLibraries
CoGetCancelObject
CoGetInstanceFromFile
CoGetMarshalSizeMax
CoGetPSClsid
CoGetStdMarshalEx
CoInitialize
CoInstall
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalInterThreadInterfaceInStream
CoQueryClientBlanket
CoRegisterClassObject
CoRegisterMallocSpy
CoRegisterSurrogateEx
CoRevokeMallocSpy
CoTaskMemAlloc
CoTaskMemRealloc
CoTestCancel
CoUnmarshalHresult
CoWaitForMultipleHandles
CreateAntiMoniker
CreateDataAdviseHolder
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateStdProgressIndicator
DcomChannelSetHResult
DllDebugObjectRPCHook
EnableHookObject
GetHGlobalFromILockBytes
GetRunningObjectTable
HACCEL_UserFree
HBITMAP_UserFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HBRUSH_UserSize
HENHMETAFILE_UserSize
HGLOBAL_UserSize
HICON_UserSize
HMETAFILEPICT_UserSize
HPALETTE_UserSize
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
IIDFromString
OleConvertIStorageToOLESTREAMEx
OleCreateEx
OleCreateLink
OleCreateLinkEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleGetIconOfFile
OleSaveToStream
OleSetAutoConvert
OleUninitialize
PropStgNameToFmtId
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
RegisterDragDrop
ReleaseStgMedium
SNB_UserSize
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
SetDocumentBitStg
StgCreatePropStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgOpenPropStg
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserUnmarshal
WriteStringStream

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dafc6c03ef671f66ddbe47e6eee600d2dfa894eee1c1b67d51d3a24532f58e19
.exe windows:5 windows x86 arch:x86

83865c4e9fb0b41d65fca1b1f80330e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCompactPathExW
IntlStrEqWorkerW
ord29

kernel32

GetModuleHandleW
LoadLibraryW
lstrcmpA

Exports

Exports

?EditSemiActiveStatus@TRFDJE=L

Sections

.text
Size: 24KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e3c6c48ba7d213e5c5c31f43d70dc4ca1709fc29e06883f64487ad049a520b87
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 1KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
edbb453cc08e8ac79d0c60c0f1ca3803060e8c3a4dd2e2a7b40c50ec3fb0dd46
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f633e6f25507a6d99ad2474ca4528ef4fdf8f124cade2daa51d310733a62114b
.exe windows:4 windows x86 arch:x86

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 139KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fda537bc5e4051c8c69491089041df58483e31f410f180c5767901a53a67f9ad
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 286KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aws
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3222589fbfd9f1944dd018dd514b4146

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 100KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 4KB - Virtual size: 621B

.rdata Size: 4KB - Virtual size: 462B

.data Size: - Virtual size: 2KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 47KB

Headers

File Characteristics

Sections

CODE Size: 286KB - Virtual size: 720KB

DATA Size: 8KB - Virtual size: 20KB

BSS Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 44KB

.rsrc Size: 24KB - Virtual size: 96KB

.aws Size: 4KB - Virtual size: 12KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 4KB - Virtual size: 621B

.rdata Size: 4KB - Virtual size: 462B

.data Size: - Virtual size: 2KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 47KB

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 4KB - Virtual size: 621B

.rdata Size: 4KB - Virtual size: 462B

.data Size: - Virtual size: 2KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 47KB

5034146808fabf9c0f0b9080bdf1395f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 4KB - Virtual size: 621B

.rdata Size: 4KB - Virtual size: 462B

.data Size: - Virtual size: 2KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 100KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 621B

.rdata
Size: 4KB - Virtual size: 462B

.data
Size: - Virtual size: 2KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 47KB

CODE
Size: 286KB - Virtual size: 720KB

DATA
Size: 8KB - Virtual size: 20KB

BSS
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.rsrc
Size: 24KB - Virtual size: 96KB

.aws
Size: 4KB - Virtual size: 12KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 621B

.rdata
Size: 4KB - Virtual size: 462B

.data
Size: - Virtual size: 2KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 4KB - Virtual size: 621B

.rdata
Size: 4KB - Virtual size: 462B

.data
Size: - Virtual size: 2KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 4KB - Virtual size: 621B

.rdata
Size: 4KB - Virtual size: 462B

.data
Size: - Virtual size: 2KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 47KB

UPX0
Size: 344KB - Virtual size: 344KB

UPX1
Size: 211KB - Virtual size: 212KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 200KB - Virtual size: 200KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 31KB - Virtual size: 31KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

b3:d1:6e:07:60:17:ab:24:96:50:62:41:77:87:7a:9d
Certificate

7c:f7:fd:ee:a9:d2:a2:26:c3:db:da:90:64:6b:07:29:bb:d9:f0:be
Signer

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 68KB - Virtual size: 66KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 288B

.rdata
Size: 109KB - Virtual size: 108KB

.bss
Size: - Virtual size: 480B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB