360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc

Sharing

Copy URL

Twitter E-mail

General

Target

360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc
Size

33.0MB
MD5

43c4e1f4bb5009032027a7cccbde7a40
SHA1

2a690d794fdac6f7893c5585d32622c693cb4abc
SHA256

360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc
SHA512

30a874de92b10fdc09a00494432d854b437dbd2db2575a65f5ebe1abec227bd781c8b851fe74e335e7fe5a95054eeb53beda4e5dd62b417e0884d751031cadd6
SSDEEP

786432:Mn1LRiC0KUGwyOvqrwFrm1PUIviIgKfmKJAXdmqIkP:GV05nCrfPU3IgcmKJAr

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe	upx
static1/unpack001/07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe	upx
static1/unpack001/083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe	upx
static1/unpack001/08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe	upx
static1/unpack001/08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe	upx
static1/unpack001/0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe	upx
static1/unpack001/0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe	upx
static1/unpack001/1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe	upx
static1/unpack001/152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe	upx
static1/unpack001/1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe	upx
static1/unpack001/253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe	upx
static1/unpack001/2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe	upx
static1/unpack001/34d442be10bb25f618c4405530c5f88faf573bc855731e0ff950c7de4e650e94.exe	upx
static1/unpack001/35b602d3bc59203544d3a7b436a9a58e6bf18c32dc2e02bebfdc92532da84c59.exe	upx
static1/unpack001/37b787bda6b8bc33df0d7d022000e3b5bd9bf41e2fda25fab3443e0d16d0a067.exe	upx
static1/unpack001/3ad45153fbc1c8505adaf775346c8b9b619880cd8a4d9be6e90ce37d401c6001.exe	upx
static1/unpack001/3b136f1a28ecd06b9c1978c97f18a911b04b680044d62f9fd61ebe916640068e.exe	upx
static1/unpack001/3b4f58ce90eec76580ff92c306dfe4d52afd861e870fb11963d9cc7607d1c6e3.exe	upx
static1/unpack001/3e6e65352e880e97dd363447feaa590f6d32dca658d4d6f9b459eb1411c4ac00.exe	upx
static1/unpack001/3f47bd56fefbd6c496e66eded400faa7c7ec71054b77e4f101ad638ddbe0e151.exe	upx
static1/unpack001/41703dc833d7c6802e2bcf7366bec3601a84dfecbd306c23961dac16c1d56cd9.exe	upx
static1/unpack001/42476a65557a2500a556d02bd8898d25cdcaf24cbc76994c6517fa5d8b251eba.exe	upx
static1/unpack001/475074da548c898c5576ea2fbadfca32d0a9f098435800f263830980be101cc4.exe	upx
static1/unpack001/47bb38eebb82994a203d21a8c4d1c3232d55414c549d225dcc4324b8394a6f87.exe	upx
static1/unpack001/4ad3e68df0f38ba3c4dd2713a092d527f97b069a0d86db86fef6bb28a18757bb.exe	upx
static1/unpack001/4c6a36578802cdac09d90b572072565f5bea23829d47050d7ac683c21eb63f1d.exe	upx
static1/unpack001/4cbd9a1129ad3a98202b4b4bd37463e35300a599d5e4689cf660a3c64d532ce9.exe	upx
static1/unpack001/5722601f154001c8288f4ab72ee805853ceb99f32c30b103c7b35dc01f53de31.exe	upx
static1/unpack001/5f7731becc6b595daf20d31ebd10e863b63247e22b2edfe01ecd7dfd0148f038.exe	upx
static1/unpack001/6178134c4ae7f2f4ccc93b3dbc430f7309579ef02f96a57b1b1dc0d3b2a1dafe.exe	upx
static1/unpack001/63076c7fcd1f03f041f4da5128cad837b15dad22ea11bc864b080d1e08f17d8a.exe	upx
static1/unpack001/648778ad6bb36e63c7a3f02f6e8dca1aef60c0e89dac5ac66787ab6178217d12.exe	upx
static1/unpack001/6582600d263bcc88e7e4e2d2cb2da2abac8bfcf442a7278915b9d76406c5871f.exe	upx
static1/unpack001/6a2295b980560241c2c6c5b9d59b056092b1f1958f4631c86ad8706ae49cfe1f.exe	upx
static1/unpack001/6ccd86c69700795c6cbccec0c6daf94ad3ee01f559657c060dcdded96765247d.exe	upx
static1/unpack001/7280f0f9c670efb22646ad033d758367934cabf9bc2c47e12a33160ec718e23b.exe	upx
static1/unpack001/7623c4c278da84e0e4478768dc906e32b99527a9eab8efc7a2c171d5910b6236.exe	upx
static1/unpack001/769e55d42d07e669ba0454cde78b97e56c905df32c157ba36601e986eb2e3006.exe	upx
static1/unpack001/7a8d251b8627ef87f52c7cadb0879da6041fcd022d94202bf6a89434fe65ea58.exe	upx
static1/unpack001/805b118b0b1f97a4ef66bc39e4b8e6bcbbcf4a348559b658c764089cea8de171.exe	upx
static1/unpack001/85c0dfeca0321fe06f275f799173403eb43ef723dcf39130afe2beb9b808c950.exe	upx
static1/unpack001/8745cc5a6a7ce5ca583d39571fb4cc83cd2db88b60d4e37aca251ad9bf8afdec.exe	upx
static1/unpack001/8f5d5e7c8c1e73a33051af2cbd5e0a235e12b52a5bda36defe8abda038ca579a.exe	upx
static1/unpack001/925a9aa1ce8c4c7578c051320d63e17fe93d49b4efcbc4d8323f8974974d0301.exe	upx
static1/unpack001/9360c37c25bac4bea2f6a2683c69c2747c1abd3b5382e44f9a1b1f9f4a2d24d7.exe	upx
static1/unpack001/9c7799d2186532c5e0302827125b0b314f7fc29f767a8fffd44313073f999623.exe	upx
static1/unpack001/9d0ba879abf6cdd4a2d29d3b51a93036983f76b345795778da77086a69e5ae81.exe	upx
static1/unpack001/9d9adbb582a6c41d5f00a887ced5e1808498b8a192ea0de87861d8a28b7f5626.exe	upx
static1/unpack001/9e3e3ae08afe0439921580379ee8cc360f05aec8b89aab0b4776ab339f9a9c5a.exe	upx
static1/unpack001/9fbeb2b2e45acd0aa1d990056fb7053b56d7d223c816f294450ea942b2540a50.exe	upx
static1/unpack001/a478b3698e1eceec8b95921a2dc77e35963e89e2f59356b06fba58d799787d46.exe	upx
static1/unpack001/a66e47b09e9ac88cb26659febaab3a8cb2719913bcad597ad76806ef0e07d0b1.exe	upx
static1/unpack001/aaf1731372809752584667323d5a516266ab1ec46444d24e7006b7ed2581798a.exe	upx
static1/unpack001/adb2528bfb0f10b1a0d7d1cf83aafe7cb2ed002b3abeb5bbf366abd257242185.exe	upx
static1/unpack001/afaf8e2bdc6d38d411f06faeef2914baf0eb08d691deeb95534c86ed5cc3d8b4.exe	upx
static1/unpack001/b57afa7f5c70ca98471ca50164af80bebbc3eba33c6f2965fcb0c9da0033fb83.exe	upx
static1/unpack001/b5c61fdce2ac3fb9a172650f06b4c9be7b0d7c7db3d474b2b7b4ca96e85689d4.exe	upx
static1/unpack001/b8bad264282d7f961a36f2b660d498f494b66c0f2be60bc65305e14425c1a944.exe	upx
static1/unpack001/c1b4b00d1d5f591386f9ed5f6b36dc6bea12dbf96d858ae91fc04588d256c776.exe	upx
static1/unpack001/c31d8149871f40df584d40490601f58579cd7c00fb6d55c8f83ab727cb4fff1e.exe	upx
static1/unpack001/c8c3e9184bece912075aee5b4c309ac4d78596a743bb5d8073d9f6f985d808d8.exe	upx
static1/unpack001/c9fac6fb83e346781e468c9056325a78d7ce0f02f09648052ddc54c6855cc56a.exe	upx
static1/unpack001/cacf201e63675fefbfd6a6530fc9a0dbc73732d162693696f135a3d42285d26b.exe	upx
static1/unpack001/cc0a175f2bcf2dbf669fb17a8f2dc0152a4a220b2eb1f87e57ac5d8c67ecbc89.exe	upx

Unsigned PE 116 IoCs

Checks for missing Authenticode signature.

resource
unpack001/078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe
unpack002/out.upx
unpack001/07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe
unpack003/out.upx
unpack001/083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe
unpack004/out.upx
unpack001/08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
unpack005/out.upx
unpack001/08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe
unpack006/out.upx
unpack001/0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
unpack007/out.upx
unpack001/0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe
unpack008/out.upx
unpack001/1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe
unpack009/out.upx
unpack001/152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe
unpack001/18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a.exe
unpack001/1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe
unpack001/231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3.exe
unpack001/253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
unpack001/26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f.exe
unpack001/2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe
unpack001/294c772f504cada1885f44f9b4f4cf06098f88524bf40ba62aeea7a0c482ce3f.exe
unpack001/339c1332272ad264007cf97c4a6a402def0241abd5128dacb654033f524fcf7f.exe
unpack001/34d442be10bb25f618c4405530c5f88faf573bc855731e0ff950c7de4e650e94.exe
unpack001/35b602d3bc59203544d3a7b436a9a58e6bf18c32dc2e02bebfdc92532da84c59.exe
unpack001/37b787bda6b8bc33df0d7d022000e3b5bd9bf41e2fda25fab3443e0d16d0a067.exe
unpack001/3ad45153fbc1c8505adaf775346c8b9b619880cd8a4d9be6e90ce37d401c6001.exe
unpack001/3b136f1a28ecd06b9c1978c97f18a911b04b680044d62f9fd61ebe916640068e.exe
unpack001/3b4f58ce90eec76580ff92c306dfe4d52afd861e870fb11963d9cc7607d1c6e3.exe
unpack001/3e5075dfc0dddc436d928c6425f581f76ba1dc51b7a7e08af844bef7ab9398b2.exe
unpack001/3e6e65352e880e97dd363447feaa590f6d32dca658d4d6f9b459eb1411c4ac00.exe
unpack001/3f47bd56fefbd6c496e66eded400faa7c7ec71054b77e4f101ad638ddbe0e151.exe
unpack001/41703dc833d7c6802e2bcf7366bec3601a84dfecbd306c23961dac16c1d56cd9.exe
unpack001/42476a65557a2500a556d02bd8898d25cdcaf24cbc76994c6517fa5d8b251eba.exe
unpack001/475074da548c898c5576ea2fbadfca32d0a9f098435800f263830980be101cc4.exe
unpack001/47bb38eebb82994a203d21a8c4d1c3232d55414c549d225dcc4324b8394a6f87.exe
unpack001/4ad3e68df0f38ba3c4dd2713a092d527f97b069a0d86db86fef6bb28a18757bb.exe
unpack001/4c6a36578802cdac09d90b572072565f5bea23829d47050d7ac683c21eb63f1d.exe
unpack001/4cbd9a1129ad3a98202b4b4bd37463e35300a599d5e4689cf660a3c64d532ce9.exe
unpack001/51129d8111357830531ab4b26501fd3872a926c25a4d0b7784951fb4cb24289d.exe
unpack001/5722601f154001c8288f4ab72ee805853ceb99f32c30b103c7b35dc01f53de31.exe
unpack001/5858da7c4fb77145b650b62ebb121875a050dbd7b7d760d5f72b06db9abf8a46.exe
unpack001/59c8b894378a2f9d41ac3ca26d515e02894de761f88662860e31ce8fe88227f2.exe
unpack001/5bcaf1a4a35204298a330f7d609e9356e64f159f1d33782960d4c2ad0d411592.exe
unpack001/5f7731becc6b595daf20d31ebd10e863b63247e22b2edfe01ecd7dfd0148f038.exe
unpack001/6178134c4ae7f2f4ccc93b3dbc430f7309579ef02f96a57b1b1dc0d3b2a1dafe.exe
unpack001/62469b51c0dcd8ac0a2367a00f8ff4f4ab25bd661bca5b0c13beba7352aeb264.exe
unpack001/63076c7fcd1f03f041f4da5128cad837b15dad22ea11bc864b080d1e08f17d8a.exe
unpack001/648778ad6bb36e63c7a3f02f6e8dca1aef60c0e89dac5ac66787ab6178217d12.exe
unpack001/6582600d263bcc88e7e4e2d2cb2da2abac8bfcf442a7278915b9d76406c5871f.exe
unpack001/69a2c1a336d492b055dca22fade8ce459865fd26883ac8587a6c3e7048d1a225.exe
unpack001/6a2295b980560241c2c6c5b9d59b056092b1f1958f4631c86ad8706ae49cfe1f.exe
unpack001/6ccd86c69700795c6cbccec0c6daf94ad3ee01f559657c060dcdded96765247d.exe
unpack001/6cf1ee68f514c634622192726b74dacd4d6d6437f8d36ba1ad63250a18eee163.exe
unpack001/7280f0f9c670efb22646ad033d758367934cabf9bc2c47e12a33160ec718e23b.exe
unpack001/72b647a2e58faa83773fdbd4b2a5a92bef77451bcd7f145bf1e9d774c0df6b0d.exe
unpack001/7623c4c278da84e0e4478768dc906e32b99527a9eab8efc7a2c171d5910b6236.exe
unpack001/769e55d42d07e669ba0454cde78b97e56c905df32c157ba36601e986eb2e3006.exe
unpack001/79af1ca780d1e68429cc543c82e08511ff2d56810773e80542a7ec604b77415f.exe
unpack001/7a8d251b8627ef87f52c7cadb0879da6041fcd022d94202bf6a89434fe65ea58.exe
unpack001/805b118b0b1f97a4ef66bc39e4b8e6bcbbcf4a348559b658c764089cea8de171.exe
unpack001/85c0dfeca0321fe06f275f799173403eb43ef723dcf39130afe2beb9b808c950.exe
unpack001/86701150bdc6f4a35dea19f3cd0e221a67804541404f1717988eba110949beb6.exe
unpack001/8745cc5a6a7ce5ca583d39571fb4cc83cd2db88b60d4e37aca251ad9bf8afdec.exe
unpack001/8f5d5e7c8c1e73a33051af2cbd5e0a235e12b52a5bda36defe8abda038ca579a.exe
unpack001/8f813c26e586aed0873d44b962b543322b4adb5af196ba6c82b731908f17fbc6.exe
unpack001/925a9aa1ce8c4c7578c051320d63e17fe93d49b4efcbc4d8323f8974974d0301.exe
unpack001/9360c37c25bac4bea2f6a2683c69c2747c1abd3b5382e44f9a1b1f9f4a2d24d7.exe
unpack001/9c7799d2186532c5e0302827125b0b314f7fc29f767a8fffd44313073f999623.exe
unpack001/9d0ba879abf6cdd4a2d29d3b51a93036983f76b345795778da77086a69e5ae81.exe
unpack001/9d9adbb582a6c41d5f00a887ced5e1808498b8a192ea0de87861d8a28b7f5626.exe
unpack001/9e3e3ae08afe0439921580379ee8cc360f05aec8b89aab0b4776ab339f9a9c5a.exe
unpack001/9fbeb2b2e45acd0aa1d990056fb7053b56d7d223c816f294450ea942b2540a50.exe
unpack001/a27529b4173a75b33d4b5c087a59c52d21eacb310f24d867d7e5e05b9d466bd0.exe
unpack001/a478b3698e1eceec8b95921a2dc77e35963e89e2f59356b06fba58d799787d46.exe
unpack001/a66e47b09e9ac88cb26659febaab3a8cb2719913bcad597ad76806ef0e07d0b1.exe
unpack001/a68083fd2b333868463f4e7ef647952df6018599a36b3cd43f1aab611baeafa5.exe
unpack001/aaf1731372809752584667323d5a516266ab1ec46444d24e7006b7ed2581798a.exe
unpack001/abba51f2028ea416d6e713008de6f545e5304ef660b0ffda8f616cc49df74ee0.exe
unpack001/adb2528bfb0f10b1a0d7d1cf83aafe7cb2ed002b3abeb5bbf366abd257242185.exe
unpack001/afaf8e2bdc6d38d411f06faeef2914baf0eb08d691deeb95534c86ed5cc3d8b4.exe
unpack001/b57afa7f5c70ca98471ca50164af80bebbc3eba33c6f2965fcb0c9da0033fb83.exe
unpack001/b5c61fdce2ac3fb9a172650f06b4c9be7b0d7c7db3d474b2b7b4ca96e85689d4.exe
unpack001/b8bad264282d7f961a36f2b660d498f494b66c0f2be60bc65305e14425c1a944.exe
unpack001/bc2cb0c45991b1e78788934f5109833bbd70fff09c19f31ab043ce233ac980f8.exe
unpack001/c1b4b00d1d5f591386f9ed5f6b36dc6bea12dbf96d858ae91fc04588d256c776.exe
unpack001/c31d8149871f40df584d40490601f58579cd7c00fb6d55c8f83ab727cb4fff1e.exe
unpack001/c643dd68857d66d3f9286b721b45dafbb179941d156c27374c69255152d18fbb.exe
unpack001/c74f51e3e79b8330fa8b02c0b63376fc473c0cf75561bcae60e392e0801e27c8.exe
unpack001/c8c3e9184bece912075aee5b4c309ac4d78596a743bb5d8073d9f6f985d808d8.exe
unpack001/c9fac6fb83e346781e468c9056325a78d7ce0f02f09648052ddc54c6855cc56a.exe
unpack001/cab4a8c4e53c13674d5380248fc53be7f5f73b289ac770e2c18f4e491ec27a44.exe
unpack001/cacf201e63675fefbfd6a6530fc9a0dbc73732d162693696f135a3d42285d26b.exe
unpack001/cc0a175f2bcf2dbf669fb17a8f2dc0152a4a220b2eb1f87e57ac5d8c67ecbc89.exe
unpack001/cd2133c0391dd80355f89a1b31bc70aaded874791decd45a2922712d2472ad13.exe
unpack001/ce993a84afea5c71d27afef3ea6b04788571535c6c59ff59659018292b96d2aa.exe
unpack001/d70d18ee4fd3796580be25637bd5fd596cb2c9f6b9d0c6042d8d4be3149047cb.exe
unpack001/d7353ab37cd95b8b37f79d5dd720314cb17ee3db8a1122034f5339384002d436.exe
unpack001/db905898044cc06bb7be8ba0afc3d132d039d616f4437f2389666418a295afa2.exe
unpack001/e020145e58c0599ded40b24318964253ff6dc25cbab69d10c2b3f37874300e77.exe
unpack001/e16ee4a88f8f2eb2de3aaf8b93d5066f857d1ea9c2ef19a833c43ecf9d7650a2.exe
unpack001/e252230d0c271733676be525a5c56e728959fafc78aeec959dea601f69416aa6.exe
unpack001/e78339fa08b3f43fc6b28b4c39929d3d44f372bdee1ed4c3f7ea7212bc5ea6d1.exe
unpack001/e8adc9d05dde0a38c36913d5375485fc539b2f1b4df2e3f48d0ca750b7608a9f.exe
unpack001/eac3ff73f2a9f6e838cd488f4368a3b7a613343f30a89425eb1519f03ae4c603.exe
unpack001/f51dc8d25320614cab7e1482f69e16c17dcfe5f4549aac897f1026c467433087.exe
unpack001/f55556dfed957b15737e1a9e5d9810031c6c12e908f92f4ec1678cf2afb3cea2.exe
unpack001/f55d71641e8355d432d3777599a3e289ecc2f236244663c96a8370bcafb9e501.exe
unpack001/f72a7a219b3126a0da0a1c0217170f3be1fe97d3ef78d7b165690489b9d8680f.exe
unpack001/f82c6a144f3fd0f89565d6cd16c841335f40a4da07c667d9f73828f72b85171a.exe
unpack001/f909c8802583d1b8372b3176a1d30d053ac3b4a4ca7b5a2476f4d831c89b5347.exe
unpack001/fc18ed3d18dedf685aa9ea1ffd65c2d19ea32d3891cdaaa4651e6a08d0cbbd22.exe
unpack001/fde0db0313817e4118ed1c71055301bcc8148ffec985eabdfeb9eb3427510387.exe
unpack001/ff992fa10d45e6c54dd1581207242a052ebdbd6b0d9bcb2e4994709329bb68a1.exe

Files

360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc
.zip
078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 260KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 76.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 76.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 843KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 76.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 841KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 67.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 323KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 918KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 918KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_Gavno@4

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 77.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 250KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 76.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 841KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 308KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fod
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 73.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a.exe
.exe windows:5 windows x86 arch:x86

96e1912136614a8b139569449c681c4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetPriorityClass
SetLocalTime
IsBadHugeReadPtr
BuildCommDCBAndTimeoutsA
_lwrite
ReadConsoleA
GetModuleHandleW
GlobalAlloc
LoadLibraryW
Sleep
SizeofResource
SetSystemPowerState
GetACP
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
UnhandledExceptionFilter
FindAtomA
GetPrivateProfileStructA
WaitForMultipleObjects
CreatePipe
WaitCommEvent
CreateMutexA
VirtualProtect
lstrcpyW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1fe8e976dc31ecc74c27018b3a7550e3c16c39b05f17237a39f59a1cf262330b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

64:f8:2e:d8:a9:0f:92:a9:40:be:2b:b9:0f:bf:6f:48
Certificate

Issuer

CN=Klimate Vision Plus

Not Before

22-10-2020 16:25

Not After

23-10-2030 16:25

Subject

CN=Klimate Vision Plus

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:d1:ce:6c:13:00:9f:1b:bc:4d:f1:59:a5:2a:c5:12:be:af:c9:e2:60:7b:83:05:93:5c:f6:70:a5:6e:c0:c4
Signer

Actual PE Digest

9d:d1:ce:6c:13:00:9f:1b:bc:4d:f1:59:a5:2a:c5:12:be:af:c9:e2:60:7b:83:05:93:5c:f6:70:a5:6e:c0:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3.exe
.exe windows:5 windows x86 arch:x86

47bea19c2a7eb4ea15156b2a1686044a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
CreateMutexW
SetPriorityClass
SetLocalTime
ReadConsoleA
SleepEx
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
WriteFile
GetPrivateProfileIntA
Sleep
SizeofResource
SetSystemTimeAdjustment
TerminateProcess
lstrlenW
GetThreadContext
FreeLibraryAndExitThread
SetVolumeLabelW
LoadLibraryA
CreateSemaphoreW
LocalAlloc
SetConsoleDisplayMode
PostQueuedCompletionStatus
AddAtomA
GetPrivateProfileStructA
_lread
EnumResourceNamesA
BuildCommDCBA
VirtualProtect
CloseHandle
lstrcpyA
GetSystemDefaultLangID
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetCurrentProcessId
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

gdi32

GetCharWidthW

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f.exe
.exe windows:5 windows x86 arch:x86

36a15ed1f185a535c5dde459f2d9f10a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetLocalTime
IsBadHugeReadPtr
LoadResource
_lwrite
ReadConsoleA
GetModuleHandleW
GetPriorityClass
GlobalAlloc
LoadLibraryW
Sleep
GetPrivateProfileStructW
SetSystemPowerState
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
IsValidCodePage
UnhandledExceptionFilter
BuildCommDCBAndTimeoutsW
WaitForMultipleObjects
CreatePipe
WaitCommEvent
CreateMutexA
VirtualProtect
FindAtomW
lstrcpyW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
294c772f504cada1885f44f9b4f4cf06098f88524bf40ba62aeea7a0c482ce3f.exe
.exe windows:5 windows x86 arch:x86

b6122f22bb87c6cf431ad771365a6a11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CreateMutexW
lstrlenA
CopyFileExW
CommConfigDialogA
WriteConsoleOutputCharacterA
GetCommState
SetDefaultCommConfigW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
CancelWaitableTimer
GetModuleHandleW
GetWindowsDirectoryA
WriteFile
CreateActCtxW
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoW
GetStringTypeExW
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetTimeZoneInformation
lstrcatA
GetConsoleAliasesW
GetLastError
VirtualAlloc
ResetEvent
LocalAlloc
OpenEventA
HeapLock
GetModuleFileNameA
CreateMailslotA
WriteConsoleOutputAttribute
DuplicateHandle
ReleaseMutex
FindAtomW
QueryDepthSList
GetSystemTime
LCMapStringW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetStdHandle
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetModuleHandleA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xix
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
339c1332272ad264007cf97c4a6a402def0241abd5128dacb654033f524fcf7f.exe
.exe windows:5 windows x86 arch:x86

ed5b3e6e5e9eb6b0143af59a0368dd91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedCompareExchange
ReadConsoleInputW
SetTapeParameters
GetTapeStatus
WaitNamedPipeA
GetTickCount
CreateFileA
GetPrivateProfileSectionW
SetEvent
RequestDeviceWakeup
WriteProcessMemory
AllocConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogW
GetFileAttributesA
HeapLock
HeapReAlloc
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameA
CreateMutexA
WaitForSingleObject
lstrlenA
CreateActCtxA
LocalLock
ReadFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yek
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.movas
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lipi
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rixesi
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
34d442be10bb25f618c4405530c5f88faf573bc855731e0ff950c7de4e650e94.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 573KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
35b602d3bc59203544d3a7b436a9a58e6bf18c32dc2e02bebfdc92532da84c59.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 571KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
37b787bda6b8bc33df0d7d022000e3b5bd9bf41e2fda25fab3443e0d16d0a067.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3ad45153fbc1c8505adaf775346c8b9b619880cd8a4d9be6e90ce37d401c6001.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3b136f1a28ecd06b9c1978c97f18a911b04b680044d62f9fd61ebe916640068e.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3b4f58ce90eec76580ff92c306dfe4d52afd861e870fb11963d9cc7607d1c6e3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 67.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3e5075dfc0dddc436d928c6425f581f76ba1dc51b7a7e08af844bef7ab9398b2.exe
.exe windows:5 windows x86 arch:x86

41b9729f885864f50faa7c1beb20c7f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
CreateMutexW
SetPriorityClass
SetThreadContext
SetLocalTime
LoadResource
ReadConsoleA
SetDefaultCommConfigW
SleepEx
CallNamedPipeW
GetModuleHandleW
GetTickCount
WriteFile
SetProcessPriorityBoost
GlobalAlloc
SizeofResource
TerminateProcess
lstrlenW
FileTimeToDosDateTime
GetPrivateProfileIntW
FreeLibraryAndExitThread
SearchPathA
LoadLibraryA
CreateSemaphoreW
LocalAlloc
PostQueuedCompletionStatus
AddAtomA
GetPrivateProfileStructA
_lread
EnumResourceNamesA
BuildCommDCBA
VirtualProtect
CloseHandle
lstrcpyW
GetSystemDefaultLangID
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetCurrentProcessId
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

gdi32

GetCharWidthW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3e6e65352e880e97dd363447feaa590f6d32dca658d4d6f9b459eb1411c4ac00.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 252KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3f47bd56fefbd6c496e66eded400faa7c7ec71054b77e4f101ad638ddbe0e151.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
41703dc833d7c6802e2bcf7366bec3601a84dfecbd306c23961dac16c1d56cd9.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
42476a65557a2500a556d02bd8898d25cdcaf24cbc76994c6517fa5d8b251eba.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 306KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
475074da548c898c5576ea2fbadfca32d0a9f098435800f263830980be101cc4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 381KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
47bb38eebb82994a203d21a8c4d1c3232d55414c549d225dcc4324b8394a6f87.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4ad3e68df0f38ba3c4dd2713a092d527f97b069a0d86db86fef6bb28a18757bb.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4c6a36578802cdac09d90b572072565f5bea23829d47050d7ac683c21eb63f1d.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 315KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4cbd9a1129ad3a98202b4b4bd37463e35300a599d5e4689cf660a3c64d532ce9.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
51129d8111357830531ab4b26501fd3872a926c25a4d0b7784951fb4cb24289d.exe
.exe windows:5 windows x86 arch:x86

c0e9a7b477e9ee41cc0b5db8c86476da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCompact
GetLocaleInfoA
HeapAlloc
WriteTapemark
EndUpdateResourceW
ReadConsoleOutputAttribute
InterlockedCompareExchange
GetConsoleTitleA
CreateActCtxW
ReadConsoleInputA
GetSystemPowerStatus
ReadProcessMemory
GetSystemWindowsDirectoryA
GetFileAttributesW
GetGeoInfoA
ReadFile
GetModuleFileNameW
lstrlenW
SetDefaultCommConfigA
SetTapePosition
LCMapStringA
GetLastError
AttachConsole
VirtualAlloc
ResetEvent
LoadLibraryA
BeginUpdateResourceA
SetConsoleWindowInfo
WaitForMultipleObjects
GetVolumePathNamesForVolumeNameA
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
RequestDeviceWakeup
CloseHandle
GetWindowsDirectoryW
lstrcpyW
CreateMailslotW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapSize
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

gdi32

GetCharWidthFloatA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wisec
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5722601f154001c8288f4ab72ee805853ceb99f32c30b103c7b35dc01f53de31.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5858da7c4fb77145b650b62ebb121875a050dbd7b7d760d5f72b06db9abf8a46.exe
.exe windows:5 windows x86 arch:x86

055a97e880866525abd44b99ba1c0438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedCompareExchange
ReadConsoleInputA
SetTapeParameters
GetTapeStatus
WaitNamedPipeW
GetLastError
CreateFileA
GetPrivateProfileSectionW
SetEvent
RequestDeviceWakeup
LocalLock
AllocConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogW
GetFileAttributesA
HeapLock
HeapAlloc
GetUserDefaultLangID
lstrcatA
GetVolumePathNamesForVolumeNameA
SetLastError
WriteConsoleOutputAttribute
CreateMutexA
WaitForSingleObject
lstrlenA
CreateActCtxA
WriteProcessMemory
ReadFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fosak
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lofehi
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
59c8b894378a2f9d41ac3ca26d515e02894de761f88662860e31ce8fe88227f2.exe
.exe windows:5 windows x86 arch:x86

96e1912136614a8b139569449c681c4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetPriorityClass
SetLocalTime
IsBadHugeReadPtr
BuildCommDCBAndTimeoutsA
_lwrite
ReadConsoleA
GetModuleHandleW
GlobalAlloc
LoadLibraryW
Sleep
SizeofResource
SetSystemPowerState
GetACP
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
UnhandledExceptionFilter
FindAtomA
GetPrivateProfileStructA
WaitForMultipleObjects
CreatePipe
WaitCommEvent
CreateMutexA
VirtualProtect
lstrcpyW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5bcaf1a4a35204298a330f7d609e9356e64f159f1d33782960d4c2ad0d411592.exe
.exe windows:5 windows x86 arch:x86

93307125965b3c943b2ea342672da7d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetLocalTime
IsBadHugeReadPtr
LoadResource
_lwrite
SleepEx
ConnectNamedPipe
GetModuleHandleW
ReadConsoleW
GetPriorityClass
GlobalAlloc
Sleep
GetPrivateProfileStructW
GetSystemPowerStatus
lstrlenW
RaiseException
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
IsValidCodePage
LoadLibraryA
BuildCommDCBAndTimeoutsW
WaitCommEvent
CreateMutexA
VirtualProtect
FindAtomW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5f7731becc6b595daf20d31ebd10e863b63247e22b2edfe01ecd7dfd0148f038.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6178134c4ae7f2f4ccc93b3dbc430f7309579ef02f96a57b1b1dc0d3b2a1dafe.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
62469b51c0dcd8ac0a2367a00f8ff4f4ab25bd661bca5b0c13beba7352aeb264.exe
.exe windows:5 windows x86 arch:x86

336d14fc1c0a5b9a47f63b9265b3ac60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputW
SetTapeParameters
GetTapeStatus
WaitNamedPipeA
GetTickCount
CreateFileA
GetPrivateProfileSectionA
SetEvent
RequestDeviceWakeup
WriteProcessMemory
FreeConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogA
GetFileAttributesA
HeapLock
HeapReAlloc
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameA
CreateMutexW
WaitForSingleObject
lstrlenA
CreateActCtxA
LocalAlloc
ReadFile
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zodeno
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nugugu
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hip
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
63076c7fcd1f03f041f4da5128cad837b15dad22ea11bc864b080d1e08f17d8a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 571KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
648778ad6bb36e63c7a3f02f6e8dca1aef60c0e89dac5ac66787ab6178217d12.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6582600d263bcc88e7e4e2d2cb2da2abac8bfcf442a7278915b9d76406c5871f.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 571KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
69a2c1a336d492b055dca22fade8ce459865fd26883ac8587a6c3e7048d1a225.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6a2295b980560241c2c6c5b9d59b056092b1f1958f4631c86ad8706ae49cfe1f.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6ccd86c69700795c6cbccec0c6daf94ad3ee01f559657c060dcdded96765247d.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 541KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6cf1ee68f514c634622192726b74dacd4d6d6437f8d36ba1ad63250a18eee163.exe
.exe windows:5 windows x86 arch:x86

8af848d6a59be77b5274c986c29a1f90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedCompareExchange
ReadConsoleInputW
SetTapeParameters
GetTapeStatus
WaitNamedPipeW
GetTickCount
CreateFileA
GetPrivateProfileSectionW
SetEvent
RequestDeviceWakeup
LocalLock
AllocConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogW
GetFileAttributesA
HeapLock
HeapReAlloc
GetUserDefaultLangID
lstrcatA
GetVolumePathNamesForVolumeNameA
SetLastError
WriteConsoleOutputAttribute
CreateMutexA
WaitForSingleObject
lstrlenA
CreateActCtxA
WriteProcessMemory
ReadFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dugitor
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wer
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.soho
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dejo
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7280f0f9c670efb22646ad033d758367934cabf9bc2c47e12a33160ec718e23b.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
72b647a2e58faa83773fdbd4b2a5a92bef77451bcd7f145bf1e9d774c0df6b0d.exe
.exe windows:5 windows x86 arch:x86

36a15ed1f185a535c5dde459f2d9f10a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetLocalTime
IsBadHugeReadPtr
LoadResource
_lwrite
ReadConsoleA
GetModuleHandleW
GetPriorityClass
GlobalAlloc
LoadLibraryW
Sleep
GetPrivateProfileStructW
SetSystemPowerState
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
IsValidCodePage
UnhandledExceptionFilter
BuildCommDCBAndTimeoutsW
WaitForMultipleObjects
CreatePipe
WaitCommEvent
CreateMutexA
VirtualProtect
FindAtomW
lstrcpyW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7623c4c278da84e0e4478768dc906e32b99527a9eab8efc7a2c171d5910b6236.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
769e55d42d07e669ba0454cde78b97e56c905df32c157ba36601e986eb2e3006.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
79af1ca780d1e68429cc543c82e08511ff2d56810773e80542a7ec604b77415f.exe
.exe windows:5 windows x86 arch:x86

93307125965b3c943b2ea342672da7d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetLocalTime
IsBadHugeReadPtr
LoadResource
_lwrite
SleepEx
ConnectNamedPipe
GetModuleHandleW
ReadConsoleW
GetPriorityClass
GlobalAlloc
Sleep
GetPrivateProfileStructW
GetSystemPowerStatus
lstrlenW
RaiseException
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
IsValidCodePage
LoadLibraryA
BuildCommDCBAndTimeoutsW
WaitCommEvent
CreateMutexA
VirtualProtect
FindAtomW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapFree
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleA
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

_fgeek@8

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7a8d251b8627ef87f52c7cadb0879da6041fcd022d94202bf6a89434fe65ea58.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
805b118b0b1f97a4ef66bc39e4b8e6bcbbcf4a348559b658c764089cea8de171.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
85c0dfeca0321fe06f275f799173403eb43ef723dcf39130afe2beb9b808c950.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
86701150bdc6f4a35dea19f3cd0e221a67804541404f1717988eba110949beb6.exe
.exe windows:5 windows x86 arch:x86

e752a8121610b7ddd2bfa51838027f4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
lstrlenA
CopyFileExW
WriteConsoleOutputCharacterA
GetCommState
SetDefaultCommConfigW
SetEnvironmentVariableW
CancelWaitableTimer
GetModuleHandleW
GetWindowsDirectoryA
WriteFile
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoW
GetSystemWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetTimeZoneInformation
CreateActCtxA
GetStringTypeExA
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
HeapUnlock
ResetEvent
LocalAlloc
OpenEventA
SetSystemTime
GetModuleFileNameA
CreateMutexA
CreateMailslotA
WriteConsoleOutputAttribute
ReleaseMutex
FindAtomW
CloseHandle
QueryDepthSList
CommConfigDialogW
CompareStringW
CompareStringA
GetModuleHandleA
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8745cc5a6a7ce5ca583d39571fb4cc83cd2db88b60d4e37aca251ad9bf8afdec.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8f5d5e7c8c1e73a33051af2cbd5e0a235e12b52a5bda36defe8abda038ca579a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8f813c26e586aed0873d44b962b543322b4adb5af196ba6c82b731908f17fbc6.exe
.exe windows:5 windows x86 arch:x86

58c5b4a4e6585583eb17fdebe2b4c7f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesW
SetDefaultCommConfigA
SetPriorityClass
SetTapeParameters
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
WriteFile
GetPrivateProfileIntA
Sleep
GetPrivateProfileStructW
SizeofResource
GetSystemTimeAdjustment
lstrlenW
RaiseException
GetThreadContext
FreeLibraryAndExitThread
SetVolumeLabelW
GetConsoleDisplayMode
BuildCommDCBW
LoadLibraryA
CreateSemaphoreW
LocalAlloc
AddAtomW
SetSystemTime
_lread
CreateMutexA
VirtualProtect
CloseHandle
GetSystemTime
lstrcpyA
GetSystemDefaultLangID
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetStartupInfoW
GetCPInfo
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

gdi32

GetCharWidthA

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
925a9aa1ce8c4c7578c051320d63e17fe93d49b4efcbc4d8323f8974974d0301.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9360c37c25bac4bea2f6a2683c69c2747c1abd3b5382e44f9a1b1f9f4a2d24d7.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9c7799d2186532c5e0302827125b0b314f7fc29f767a8fffd44313073f999623.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9d0ba879abf6cdd4a2d29d3b51a93036983f76b345795778da77086a69e5ae81.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9d9adbb582a6c41d5f00a887ced5e1808498b8a192ea0de87861d8a28b7f5626.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9e3e3ae08afe0439921580379ee8cc360f05aec8b89aab0b4776ab339f9a9c5a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 291KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9fbeb2b2e45acd0aa1d990056fb7053b56d7d223c816f294450ea942b2540a50.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 252KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
__MACOSX/._7623c4c278da84e0e4478768dc906e32b99527a9eab8efc7a2c171d5910b6236.exe
__MACOSX/._8745cc5a6a7ce5ca583d39571fb4cc83cd2db88b60d4e37aca251ad9bf8afdec.exe
__MACOSX/._8f5d5e7c8c1e73a33051af2cbd5e0a235e12b52a5bda36defe8abda038ca579a.exe
__MACOSX/._9360c37c25bac4bea2f6a2683c69c2747c1abd3b5382e44f9a1b1f9f4a2d24d7.exe
__MACOSX/._c8c3e9184bece912075aee5b4c309ac4d78596a743bb5d8073d9f6f985d808d8.exe
__MACOSX/._f51dc8d25320614cab7e1482f69e16c17dcfe5f4549aac897f1026c467433087.exe
a27529b4173a75b33d4b5c087a59c52d21eacb310f24d867d7e5e05b9d466bd0.exe
.exe windows:5 windows x86 arch:x86

f22f07aa786112ccfb2638640c0f8af3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesW
SetDefaultCommConfigA
CreateMutexW
SetPriorityClass
SetLocalTime
BuildCommDCBAndTimeoutsA
LoadResource
DeleteVolumeMountPointA
WriteTapemark
_lwrite
ReadConsoleA
SetComputerNameW
SleepEx
SetTapeParameters
GetProcessPriorityBoost
GetModuleHandleW
GlobalAlloc
GetSystemPowerStatus
SetSystemTimeAdjustment
GetConsoleWindow
GetTimeZoneInformation
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetTapeStatus
SetVolumeLabelW
MoveFileW
GetLocalTime
LoadLibraryA
CreateSemaphoreW
UnhandledExceptionFilter
AddAtomW
GetPrivateProfileStructA
VirtualProtect
GetCurrentDirectoryA
lstrcpyA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 497KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a478b3698e1eceec8b95921a2dc77e35963e89e2f59356b06fba58d799787d46.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a66e47b09e9ac88cb26659febaab3a8cb2719913bcad597ad76806ef0e07d0b1.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a68083fd2b333868463f4e7ef647952df6018599a36b3cd43f1aab611baeafa5.exe
.exe windows:5 windows x86 arch:x86

4183a34b0f44d7bbb08c5e0b26083c04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesW
SetDefaultCommConfigA
CreateMutexW
SetPriorityClass
SetLocalTime
BuildCommDCBAndTimeoutsA
LoadResource
DeleteVolumeMountPointA
WriteTapemark
_lwrite
ReadConsoleA
SetComputerNameW
SleepEx
SetTapeParameters
GetProcessPriorityBoost
GetModuleHandleW
GlobalAlloc
GetSystemPowerStatus
SetSystemTimeAdjustment
GetConsoleWindow
GetTimeZoneInformation
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetTapeStatus
SetVolumeLabelW
MoveFileW
GetLocalTime
LoadLibraryA
CreateSemaphoreW
UnhandledExceptionFilter
AddAtomW
GetPrivateProfileStructA
VirtualProtect
GetCurrentDirectoryA
lstrcpyA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aaf1731372809752584667323d5a516266ab1ec46444d24e7006b7ed2581798a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
abba51f2028ea416d6e713008de6f545e5304ef660b0ffda8f616cc49df74ee0.exe
.exe windows:5 windows x86 arch:x86

6412a84e5f0e95dd2448ef4bd64356dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CreateMutexW
lstrlenA
CopyFileExW
WriteConsoleOutputCharacterA
GetCommState
SetDefaultCommConfigW
SetEnvironmentVariableW
CancelWaitableTimer
GetModuleHandleW
GetWindowsDirectoryA
WriteFile
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoW
GetSystemWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetTimeZoneInformation
CreateActCtxA
GetStringTypeExA
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
HeapUnlock
ResetEvent
LocalAlloc
OpenEventA
SetSystemTime
GetModuleFileNameA
CreateMailslotA
WriteConsoleOutputAttribute
DuplicateHandle
ReleaseMutex
FindAtomW
QueryDepthSList
CommConfigDialogW
CompareStringW
CompareStringA
GetModuleHandleA
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
adb2528bfb0f10b1a0d7d1cf83aafe7cb2ed002b3abeb5bbf366abd257242185.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
afaf8e2bdc6d38d411f06faeef2914baf0eb08d691deeb95534c86ed5cc3d8b4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b57afa7f5c70ca98471ca50164af80bebbc3eba33c6f2965fcb0c9da0033fb83.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b5c61fdce2ac3fb9a172650f06b4c9be7b0d7c7db3d474b2b7b4ca96e85689d4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b8bad264282d7f961a36f2b660d498f494b66c0f2be60bc65305e14425c1a944.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bc2cb0c45991b1e78788934f5109833bbd70fff09c19f31ab043ce233ac980f8.exe
.exe windows:5 windows x86 arch:x86

6412a84e5f0e95dd2448ef4bd64356dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CreateMutexW
lstrlenA
CopyFileExW
WriteConsoleOutputCharacterA
GetCommState
SetDefaultCommConfigW
SetEnvironmentVariableW
CancelWaitableTimer
GetModuleHandleW
GetWindowsDirectoryA
WriteFile
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoW
GetSystemWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetTimeZoneInformation
CreateActCtxA
GetStringTypeExA
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
HeapUnlock
ResetEvent
LocalAlloc
OpenEventA
SetSystemTime
GetModuleFileNameA
CreateMailslotA
WriteConsoleOutputAttribute
DuplicateHandle
ReleaseMutex
FindAtomW
QueryDepthSList
CommConfigDialogW
CompareStringW
CompareStringA
GetModuleHandleA
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c1b4b00d1d5f591386f9ed5f6b36dc6bea12dbf96d858ae91fc04588d256c776.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 573KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c31d8149871f40df584d40490601f58579cd7c00fb6d55c8f83ab727cb4fff1e.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c643dd68857d66d3f9286b721b45dafbb179941d156c27374c69255152d18fbb.exe
.exe windows:5 windows x86 arch:x86

2d817810c310bed438931a97a6627f26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapUnlock
GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputA
SetTapeParameters
SetTapePosition
CreateMutexW
GetLastError
CreateFileA
GetPrivateProfileSectionA
SetEvent
WriteProcessMemory
FreeConsole
SetConsoleTitleA
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryA
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogA
GetFileAttributesA
HeapAlloc
HeapCompact
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameW
WaitForSingleObject
lstrlenA
CreateActCtxA
RequestDeviceWakeup
ReadFile
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wijefi
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tiyisut
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cecom
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.coxo
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pedeb
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c74f51e3e79b8330fa8b02c0b63376fc473c0cf75561bcae60e392e0801e27c8.exe
.exe windows:5 windows x86 arch:x86

cd51e200d0ca05491e05bb8226c490ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapUnlock
GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputA
SetTapeParameters
GetTapeStatus
CreateMutexW
GetTickCount
CreateFileA
GetPrivateProfileSectionA
SetEvent
LocalAlloc
WriteProcessMemory
FreeConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogA
GetFileAttributesA
HeapLock
HeapCompact
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameA
WaitForSingleObject
lstrlenA
CreateActCtxA
RequestDeviceWakeup
ReadFile
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cam
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.deyu
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fewisin
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.poxuxer
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.yohi
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c8c3e9184bece912075aee5b4c309ac4d78596a743bb5d8073d9f6f985d808d8.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c9fac6fb83e346781e468c9056325a78d7ce0f02f09648052ddc54c6855cc56a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 73.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 567KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cab4a8c4e53c13674d5380248fc53be7f5f73b289ac770e2c18f4e491ec27a44.exe
.exe windows:5 windows x86 arch:x86

927b7559f2fb3703e35f38335fa8eec9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
SetDefaultCommConfigA
CreateMutexW
HeapCompact
GetLocaleInfoA
WriteConsoleOutputCharacterA
HeapAlloc
EndUpdateResourceW
InterlockedCompareExchange
GetTickCount
GetConsoleTitleA
WriteFile
CreateActCtxW
ReadConsoleInputA
GetSystemPowerStatus
GetSystemWindowsDirectoryA
GetFileAttributesW
SetSystemPowerState
GetGeoInfoA
GetModuleFileNameW
lstrlenW
SetTapePosition
LCMapStringA
AttachConsole
VirtualAlloc
BeginUpdateResourceW
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetTapeParameters
WaitForMultipleObjects
GetVolumePathNamesForVolumeNameA
GetModuleHandleA
RequestDeviceWakeup
CreateMailslotA
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
GetPrivateProfileSectionW
WriteProcessMemory
lstrcpyW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.raveroh
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cacf201e63675fefbfd6a6530fc9a0dbc73732d162693696f135a3d42285d26b.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cc0a175f2bcf2dbf669fb17a8f2dc0152a4a220b2eb1f87e57ac5d8c67ecbc89.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cd2133c0391dd80355f89a1b31bc70aaded874791decd45a2922712d2472ad13.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ce993a84afea5c71d27afef3ea6b04788571535c6c59ff59659018292b96d2aa.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
d70d18ee4fd3796580be25637bd5fd596cb2c9f6b9d0c6042d8d4be3149047cb.exe
.exe windows:5 windows x86 arch:x86

a150a72ac62045a6f010b09d71a8d7c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
HeapReAlloc
CreateFileA
SetDefaultCommConfigA
CreateMutexW
GetLocaleInfoA
WriteConsoleOutputCharacterA
HeapAlloc
InterlockedCompareExchange
GetModuleHandleW
WriteFile
GetSystemPowerStatus
GetSystemWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
GetFileAttributesW
SetSystemPowerState
GetGeoInfoA
GetModuleFileNameW
CreateActCtxA
lstrlenW
SetTapePosition
LCMapStringA
GetLastError
AttachConsole
VirtualAlloc
LoadLibraryA
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetTapeParameters
WaitForMultipleObjects
RequestDeviceWakeup
CreateMailslotA
GetConsoleTitleW
ReleaseMutex
ReadConsoleInputW
CloseHandle
GetWindowsDirectoryW
WriteProcessMemory
lstrcpyW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d7353ab37cd95b8b37f79d5dd720314cb17ee3db8a1122034f5339384002d436.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
db905898044cc06bb7be8ba0afc3d132d039d616f4437f2389666418a295afa2.exe
.exe windows:5 windows x86 arch:x86

ccf83d4d578e10679893ce9c835c738c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CreateMutexW
lstrlenA
CopyFileExW
CommConfigDialogA
WriteConsoleOutputCharacterA
GetCommState
SetDefaultCommConfigW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
CancelWaitableTimer
GetModuleHandleW
GetWindowsDirectoryA
WriteFile
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoW
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetTimeZoneInformation
CreateActCtxA
lstrcatA
GetStringTypeExA
GetConsoleAliasesW
GetLastError
VirtualAlloc
HeapUnlock
ResetEvent
LocalAlloc
OpenEventA
GetModuleFileNameA
CreateMailslotA
WriteConsoleOutputAttribute
DuplicateHandle
ReleaseMutex
FindAtomW
QueryDepthSList
GetSystemTime
LCMapStringW
CompareStringW
CompareStringA
GetModuleHandleA
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetStdHandle
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

winhttp

WinHttpCloseHandle

msimg32

TransparentBlt

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 66.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e020145e58c0599ded40b24318964253ff6dc25cbab69d10c2b3f37874300e77.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 308KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e16ee4a88f8f2eb2de3aaf8b93d5066f857d1ea9c2ef19a833c43ecf9d7650a2.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e252230d0c271733676be525a5c56e728959fafc78aeec959dea601f69416aa6.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e78339fa08b3f43fc6b28b4c39929d3d44f372bdee1ed4c3f7ea7212bc5ea6d1.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e8adc9d05dde0a38c36913d5375485fc539b2f1b4df2e3f48d0ca750b7608a9f.exe
.exe windows:5 windows x86 arch:x86

762627401d11fc10d31e1c6d301f7bb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
IsBadHugeReadPtr
LoadResource
_lwrite
SleepEx
ReadConsoleW
GetPriorityClass
Sleep
GetPrivateProfileStructW
GetSystemPowerStatus
CreateSemaphoreA
SetTimeZoneInformation
lstrlenW
DisconnectNamedPipe
RaiseException
FreeLibraryAndExitThread
GetLastError
IsDBCSLeadByteEx
MoveFileW
IsValidCodePage
SetComputerNameA
GetLocalTime
LoadLibraryA
LocalAlloc
BuildCommDCBAndTimeoutsW
SetConsoleDisplayMode
WaitCommEvent
GetModuleHandleA
CreateMutexA
FreeEnvironmentStringsW
EnumResourceNamesA
VirtualProtect
GetCurrentDirectoryA
FindAtomW
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
GetFileType
CreateFileA
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eac3ff73f2a9f6e838cd488f4368a3b7a613343f30a89425eb1519f03ae4c603.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f4ef9e683288a1603a36158ba9b80a7b8ac4e9e291f3be1f18b3b58c1491ac98.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

db:ab:20:02:08:f7:4b:8e:b5:ab:7b:ec:fb:03:93:f3:14:e9:c5
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

26-10-2020 17:04

Not After

26-11-2020 17:04

Subject

CN=anohina jekaterin4,C=UK,1.2.840.113549.1.9.1=#0c1b616e6f68696e616a656b61746572696e344079616e6465782e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:62:b6:9e:57:b3:7e:b7:3a:19:75:38:a9:3a:c6:ed:e7:93:e6:2a:13:b7:77:ff:1c:36:e0:79:b5:41:18:0f
Signer

Actual PE Digest

15:62:b6:9e:57:b3:7e:b7:3a:19:75:38:a9:3a:c6:ed:e7:93:e6:2a:13:b7:77:ff:1c:36:e0:79:b5:41:18:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f51dc8d25320614cab7e1482f69e16c17dcfe5f4549aac897f1026c467433087.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 67.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f55556dfed957b15737e1a9e5d9810031c6c12e908f92f4ec1678cf2afb3cea2.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 76.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 332KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f55d71641e8355d432d3777599a3e289ecc2f236244663c96a8370bcafb9e501.exe
.exe windows:5 windows x86 arch:x86

187219f3546e865a0efcc61fa5a016a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
SetPriorityClass
SetThreadContext
SetLocalTime
ReadConsoleA
CompareFileTime
GetNamedPipeHandleStateA
SleepEx
CallNamedPipeW
GetModuleHandleW
GetTickCount
WriteFile
SetProcessPriorityBoost
GlobalAlloc
LoadLibraryW
TerminateThread
WritePrivateProfileStructW
SetVolumeLabelA
lstrlenW
DeactivateActCtx
GetPrivateProfileIntW
IsDBCSLeadByteEx
GetConsoleDisplayMode
GetLocalTime
LocalAlloc
SetConsoleDisplayMode
AddAtomW
GetPrivateProfileStructA
GetThreadPriority
_lread
EnumResourceNamesA
VirtualProtect
CompareStringA
CloseHandle
lstrcpyW
CreateSemaphoreA
GetSystemDefaultLangID
CreateFileA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetModuleHandleA
FlushFileBuffers
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

gdi32

GetCharWidthW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f72a7a219b3126a0da0a1c0217170f3be1fe97d3ef78d7b165690489b9d8680f.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f82c6a144f3fd0f89565d6cd16c841335f40a4da07c667d9f73828f72b85171a.exe
.exe windows:5 windows x86 arch:x86

336d14fc1c0a5b9a47f63b9265b3ac60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputW
SetTapeParameters
GetTapeStatus
WaitNamedPipeA
GetTickCount
CreateFileA
GetPrivateProfileSectionA
SetEvent
RequestDeviceWakeup
WriteProcessMemory
FreeConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
SetDefaultCommConfigA
CommConfigDialogA
GetFileAttributesA
HeapLock
HeapReAlloc
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameA
CreateMutexW
WaitForSingleObject
lstrlenA
CreateActCtxA
LocalAlloc
ReadFile
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

advapi32

CloseEventLog
DeregisterEventSource
BackupEventLogW
RegQueryValueExA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.deyo
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xob
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gimi
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f909c8802583d1b8372b3176a1d30d053ac3b4a4ca7b5a2476f4d831c89b5347.exe
.exe windows:5 windows x86 arch:x86

6059952b2f0e29621bc847dba7d1b6d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
SetPriorityClass
SetThreadContext
SetLocalTime
LoadResource
ReadConsoleA
SetDefaultCommConfigW
SleepEx
CallNamedPipeW
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
WriteFile
GetPrivateProfileIntA
SizeofResource
SetSystemTimeAdjustment
TerminateProcess
SetVolumeLabelA
FreeLibraryAndExitThread
LoadLibraryA
CreateSemaphoreW
LocalAlloc
PostQueuedCompletionStatus
AddAtomA
GetPrivateProfileStructA
_lread
EnumResourceNamesA
BuildCommDCBA
VirtualProtect
CloseHandle
lstrcpyW
lstrlenW
GetSystemDefaultLangID
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetCurrentProcessId
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

gdi32

GetCharWidthW

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fc18ed3d18dedf685aa9ea1ffd65c2d19ea32d3891cdaaa4651e6a08d0cbbd22.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Sections

UPX0
Size: - Virtual size: 77.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 570KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fde0db0313817e4118ed1c71055301bcc8148ffec985eabdfeb9eb3427510387.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ff992fa10d45e6c54dd1581207242a052ebdbd6b0d9bcb2e4994709329bb68a1.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 77.2MB

UPX1 Size: 260KB - Virtual size: 264KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 118KB - Virtual size: 76.5MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 838KB - Virtual size: 838KB

.reloc Size: 38KB - Virtual size: 37KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 77.2MB

UPX1 Size: 252KB - Virtual size: 252KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 118KB - Virtual size: 76.5MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 843KB - Virtual size: 843KB

.reloc Size: 36KB - Virtual size: 35KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 77.2MB

UPX1 Size: 251KB - Virtual size: 252KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 119KB - Virtual size: 76.5MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 841KB - Virtual size: 841KB

.reloc Size: 36KB - Virtual size: 35KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 67.4MB

UPX1 Size: 323KB - Virtual size: 324KB

.rsrc Size: 26KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 263KB - Virtual size: 262KB

.data Size: 20KB - Virtual size: 66.5MB

.tls Size: 48KB - Virtual size: 47KB

.rsrc Size: 918KB - Virtual size: 918KB

.reloc Size: 22KB - Virtual size: 21KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 67.5MB

UPX1 Size: 264KB - Virtual size: 264KB

.rsrc Size: 26KB - Virtual size: 28KB

Headers

UPX0
Size: - Virtual size: 77.2MB

UPX1
Size: 260KB - Virtual size: 264KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 118KB - Virtual size: 76.5MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 838KB - Virtual size: 838KB

.reloc
Size: 38KB - Virtual size: 37KB

UPX0
Size: - Virtual size: 77.2MB

UPX1
Size: 252KB - Virtual size: 252KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 118KB - Virtual size: 76.5MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 843KB - Virtual size: 843KB

.reloc
Size: 36KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 77.2MB

UPX1
Size: 251KB - Virtual size: 252KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 119KB - Virtual size: 76.5MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 841KB - Virtual size: 841KB

.reloc
Size: 36KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 67.4MB

UPX1
Size: 323KB - Virtual size: 324KB

.rsrc
Size: 26KB - Virtual size: 28KB

.text
Size: 263KB - Virtual size: 262KB

.data
Size: 20KB - Virtual size: 66.5MB

.tls
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 918KB - Virtual size: 918KB

.reloc
Size: 22KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 67.5MB

UPX1
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 26KB - Virtual size: 28KB

.text
Size: 210KB - Virtual size: 209KB

.data
Size: 20KB - Virtual size: 66.5MB

.tls
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 918KB - Virtual size: 917KB

.reloc
Size: 22KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 77.1MB

UPX1
Size: 576KB - Virtual size: 576KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1.2MB - Virtual size: 77.5MB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 42KB - Virtual size: 41KB

UPX0
Size: - Virtual size: 77.2MB

UPX1
Size: 250KB - Virtual size: 252KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 118KB - Virtual size: 76.5MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 841KB - Virtual size: 841KB

.reloc
Size: 36KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 67.5MB

UPX1
Size: 308KB - Virtual size: 312KB

.rsrc
Size: 26KB - Virtual size: 28KB