mirai | bbdfbae01162597428b8a4538245e09cb393945a54bea8cea69d6307ab60fe43

Sharing

Copy URL

Twitter E-mail

General

Target

bbdfbae01162597428b8a4538245e09cb393945a54bea8cea69d6307ab60fe43
Size

90.2MB
MD5

a39f8cc07a7b3c6db1cfaad3e4b3383e
SHA1

8e7aeba56e32a4301bd1eb633ee1514e9d26a711
SHA256

bbdfbae01162597428b8a4538245e09cb393945a54bea8cea69d6307ab60fe43
SHA512

93186a07eb3aae69a12763a2e52212472ed42ad1110018ee6110e6be0b9d2312508e80c4f9383f0adc1a0c9c0eef1b99a2cf51ee81de8edbb74e3c89864b175d
SSDEEP

1572864:yv9864dtqYvtZ0Evj4a+LmNwnUgqezUogaeNy5vX9lvHAXbiAuUkhBH/i:699YVZFs9m2UgqeUacy5v9lYXmAHkvH6

Score

10^/10

lzrd demons upx themida vmprotect kyton mirai pegasus pony bitrat oski agenttesla

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

pony

http://afobal.cl/mine/gate.php

Attributes

payload_url
http://myp0nysite.ru/shit.exe

Extracted

Family

bitrat

Version

1.38

212.192.241.41:6841

Attributes

communication_password
e72610b23aa4dbaeb87425418271ad12
tor_process
tor

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

oski

aegismd.ca/cgi/

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

KYTON

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.ombakparadise.com
Port:
587
Username:
[email protected]
Password:
ce$%^mirah

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack001/e40736bc19f0008189f281f42cdfddf5bcf6a8c70a89e7bccd0aa0eb797edd22.exe	family_agenttesla

Agenttesla family
agenttesla
Bitrat family
bitrat
Mirai family
mirai
Oski family
oski
Pegasus family
pegasus

Pegasus payload 2 IoCs

resource	yara_rule
static1/unpack007/Pegasus/144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e	family_pegasus1
static1/unpack007/Pegasus/cc9517aafb58279091ac17533293edc1	family_pegasus1

Pony family
pony

Patched UPX-packed file 8 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/27d5dc849a3e426aeb25a7db43dccb99ac2ce9716050fdc524d6c76864ad1b28.elf	patched_upx
static1/unpack001/6020642d043b8ed32fd22a6d60574088a02c5ba4d42dcf587aae0c595cef7e9f.elf	patched_upx
static1/unpack001/627cfbd869a572cbfd0e182e63af679b72ac7be3fdeb90343fc50bf8d524ef26.elf	patched_upx
static1/unpack001/9b4fae2c14959e9b7c1f313e4419b57c079d4f17a78e770715e4941d0c40d50b.elf	patched_upx
static1/unpack001/b5dd380d36de73ac0818b2f8c6ea98a93c961f7552c83be8285b887dc7cf52fc.elf	patched_upx
static1/unpack001/ca479784999f97003acbf7068af8492747bfbf49da6092ff5e279b529fd85d9c.elf	patched_upx
static1/unpack001/d75243f3a864399bf3f3d35999e0e8d26225233e9d1ef6219ae8cf6f817bae22.elf	patched_upx
static1/unpack001/db1b04ed7776bef94dbd281789c49ec4830354006f491eeb0e4c8690d7f8e5f9.elf	patched_upx

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/196e6323c5ffd2105f1159a77c1b1cb583deb9d27875232f5fae5635a39a637d.exe	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/2ad586c305e9ac8d4f0348bc714af4b52f885bc0a77fb267ece445188b1d3eb8.exe	vmprotect

Requests dangerous framework permissions 23 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to receive WAP push messages.	android.permission.RECEIVE_WAP_PUSH
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/10fa492d71b29b06ddec26b6d475bf42a6068e5a245aafc90d135b6d571c7527.elf	upx
static1/unpack001/1f59f32d84315202495176b76490924a00d585b099e31a0e199fbceb21e4ecfb.elf	upx
static1/unpack001/27d5dc849a3e426aeb25a7db43dccb99ac2ce9716050fdc524d6c76864ad1b28.elf	upx
static1/unpack001/4131ccbef9251524c0b1f72439733b31d69cb1f2b1849fdc87a5b04fce0a3d82.exe	upx
static1/unpack001/5dc5d009a19088a3c39c66eb561c7444eaebf1b46ff2982ece0b4352ba769fa2.exe	upx
static1/unpack001/6020642d043b8ed32fd22a6d60574088a02c5ba4d42dcf587aae0c595cef7e9f.elf	upx
static1/unpack001/627cfbd869a572cbfd0e182e63af679b72ac7be3fdeb90343fc50bf8d524ef26.elf	upx
static1/unpack001/710586205a09403fa73044e40d3c9bcb12bb2199b3f716f3cdd8977ea39ecaa0.elf	upx
static1/unpack001/9541a8a475645e016ef6a900070e1c5f9044a1d025fdab2769df27adfaed5b26.elf	upx
static1/unpack001/9b4fae2c14959e9b7c1f313e4419b57c079d4f17a78e770715e4941d0c40d50b.elf	upx
static1/unpack001/b5dd380d36de73ac0818b2f8c6ea98a93c961f7552c83be8285b887dc7cf52fc.elf	upx
static1/unpack001/ca479784999f97003acbf7068af8492747bfbf49da6092ff5e279b529fd85d9c.elf	upx
static1/unpack001/cf1b60af0b79e5fbadeac880b93e4fcd1633fa8b8fbf45a1bf5341ded8740f2e.elf	upx
static1/unpack001/d75243f3a864399bf3f3d35999e0e8d26225233e9d1ef6219ae8cf6f817bae22.elf	upx
static1/unpack001/d8f8eb080fc088cfe84b0e92fabddaea1f82957fd499504d6582d0220ee0b960.elf	upx
static1/unpack001/db1b04ed7776bef94dbd281789c49ec4830354006f491eeb0e4c8690d7f8e5f9.elf	upx
static1/unpack001/e0232585400a3d5eac7dfc96e8244f298ea9a09a6f9dab32c57276236600b728.elf	upx

Unsigned PE 96 IoCs

Checks for missing Authenticode signature.

resource
unpack001/00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a.exe
unpack001/05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937.exe
unpack002/Bank Swift Xlsx.exe
unpack001/0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab.exe
unpack001/0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d.exe
unpack001/0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f.exe
unpack001/0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873.exe
unpack001/10b52b26be692aea2c0365965a300d479698bdd72910592b55ea42dcb5a29e1b.exe
unpack001/11972f7634307a1756dbe8033b2dc51932e7ac47d17748bfacc604b54a732346.exe
unpack001/152265b11b39688bfa5dd656dddacf87c01515f70f62aeb3b1406138a77986d5.exe
unpack001/17f76c4326657a2e98267c4fc98e4a97207b2f52f4c2da129a77d419fd99b621.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UAC.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PROGRAMFILES/foler/olader/acledit.dll
unpack003/$PROGRAMFILES/foler/olader/acppage.dll
unpack003/$PROGRAMFILES/foler/olader/adprovider.dll
unpack003/4.exe
unpack003/vpn.exe
unpack001/20d0674ed0695e22dcbe87b9c93a73438e14d124963540af01cd6819e14dad0a.exe
unpack001/23215d1ae40c2b85e8e9a3013ded976e4b93facf52f4e54cd5e8bd0d43457880.exe
unpack001/26489e889e7fb78d2541ba5dbf3fffbaa048aabd4fa7d97bd59ba61080628141.exe
unpack001/288ee6a0a7438045829895271ee4051009a51cf69e578696f4ca3bb97ef4ea88.exe
unpack001/289ba811233a782f75871f0b1a4417ff458308bc24f67c2527dc04f05431b2aa.exe
unpack006/DEE Shah Snuil.exe
unpack001/2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640.exe
unpack001/2ad586c305e9ac8d4f0348bc714af4b52f885bc0a77fb267ece445188b1d3eb8.exe
unpack001/2c73ce1953b977e3582eec4f61a09d4bef2d8719439be495211ed0050ed8ef8d.exe
unpack001/2cba8012f3deb21e3f361d5a3f07cc794b6e18e63b07c98aa2cbd78233cee70e.exe
unpack001/2f13aeda87ac36d7d1ed671093fb1c713eebba7c3536ccf44486aad6ae679450.exe
unpack001/33481c488a99543df496bff3061593b892eb577fd6356f88b24b64b2dafce558.exe
unpack001/342115e2b3702673e9f1baf63f0d801598b525b66388fd6af88a1a4666228482.exe
unpack001/35b4822635133861f722ec498a51cfdcc055226058bc6cd245995e685e10be23.exe
unpack001/35ef835c77b1e02e025da29a69effd42fe689876819ad90b159de8b32d64c96e.exe
unpack001/4131ccbef9251524c0b1f72439733b31d69cb1f2b1849fdc87a5b04fce0a3d82.exe
unpack001/4acbafb8a79411abf461bc4ebe4ad1efe4abe663adcd7972588f6e98715217d8.exe
unpack001/4b65924095c8dd97ecabc1e571a9a98cb9d92bca306c964b5608533b021b4fe7.exe
unpack001/5077111b1030c224e7f95035c72a76aaba1cdb91c941962f12a32ab733007b91.exe
unpack001/5b74ce1d96a51a2083e32854851ac5152bca49293c4a598922fbc8de3f3d3b6b.exe
unpack001/5cb17b802166269da90ff64b01728c6bcb2ecb614ebcbc3361550faf8fc83609.exe
unpack001/5dc5d009a19088a3c39c66eb561c7444eaebf1b46ff2982ece0b4352ba769fa2.exe
unpack001/61d7cfe36e940d9edb7cade3591d5ec21f268d7ac851ea4d1a162d97569828f4.exe
unpack001/641ddfbeb79686d53e97f99b043550cde7d19ef91c6e611f02ad80f33daaf4ad.exe
unpack001/6b01154004b3baac2cc7701d8319f4cc7a7ef361e02937989849ccdbd35b3e88.exe
unpack001/6eafa7c61e42d196916baffa8392658241fe214d13edefeeffde6aa0619e3507.exe
unpack001/74bfc91ed6c4ae72b818ba36266e9854e6e3d9e75c2951308471b40917b24209.exe
unpack001/7d5a52529f559487fc8b8f960b9427fa75e71d33a7e88d682700ec095dd8158e.exe
unpack001/7f43c61b82d39675f2d712b96d7239e6bdc6d8d0b433e5584d0b9880cbab1775.exe
unpack001/81deb49cdc03f2707c4182e7e3cc101c5f44e19bf91a69486296d8744fc263de.exe
unpack001/838edfe6cbf7b8fb1f0d3d99535f15ef22b651fa82a9f31a50c3cae435a0af0c.exe
unpack001/85d8cd417a894c7c1a719251b626f9e038410a009f6d2a1a6b820a64d6e6ed2d.exe
unpack001/88efccdbd18a8f217304c67114fba6c25e329e9da1fedbae6e10974980946a2c.exe
unpack001/89b9fae297db7b35a1749f0a6c6e322ab31ae7dfc8e877cd48ee9f0119fe94c2.exe
unpack001/920c41d8452f38863c3aef0d289b63c5919ba1ad30d58e31382d797f1d4bbe9a.exe
unpack001/9419f9fe29e0bc64bc666521f777f4a4824d6f201052b80722cb18c23e4339ac.exe
unpack001/9610051a347d56ae5d91e3a3c471a2d90b5a4e02b2aa714f931d4cbe164eb42c.exe
unpack001/9ab3fd9a10978aa74e17f836865f7b97d9db2f755d22e96b851767cdf810a978.exe
unpack001/9ada0fc3f48bb867143b8c2b358420dda4bdaa946a52a8b8b8b9cad008ab6293.exe
unpack001/9b00972991e19436c8af32f2c15fe2d2ff92ef4c4687bba4d229c6c5086d7be2.exe
unpack001/a07d69dd026a965b082fd72600f691e6081d3b4132641987330424246d808b4c.exe
unpack001/a651672f98fba458ca8b6861557119c81d12afcb705c457d65dd2b44dcc499fe.exe
unpack001/a70f3046274661ba28e94997fed32284a261f8725a9cd15d423362ddeccaf6bf.exe
unpack001/a714b384ead6691104349c6ec14a430ec82d94f170da468f7eb9b59acb4f09c6.exe
unpack001/ace3a5e5849c1c00760dfe67add397775f5946333357f5f8dee25cd4363e36b6.exe
unpack001/b30c723982534b09ac7736e33151c7093403b96e8cbc0c9aa58bd7cfcb6a7e32.exe
unpack001/b654cc7509e9ae72e91b1481a3517558f2abd29395b422451a8c384ef968dbc5.exe
unpack001/b7352a1e60eb4204feeccd07b867ffc94296146cdd8c871206de42fdbb81e393.exe
unpack001/b910714d4bc0f2904265be74510d7da3f66cbd4325a8b41b8cdd80a2b980bd2b.exe
unpack001/bc10525a0911ba2c9c472e9d7130242e9f4c2c97bb0fce53bc4b97e42f8a2b36.exe
unpack001/bd62e723aff056a5f6dd9b9ece4f5ea4bae0a50cc3bdd5f4228fb265c2a96170.exe
unpack001/bf53b4b404f09c51fc30b4e683f5258b8172e0698ec61837da1e88a9704b37e8.exe
unpack001/c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620.exe
unpack001/c3ffdf4610bd08751b16fd31959ab8b1b2ba312a80e556a15ecdb22b9332c20e.exe
unpack001/c7ca76b5a68d28fa3a58546158bd58f0dccd4cc1e0da08ddbb6ac3b51c92aa99.exe
unpack001/c9459ace7e2f1d2e5a8a2afb4c3b6ab8cc88a0c2ca0d9781c045cc86ef36e6c8.exe
unpack001/cbf2b2eb00bc4a26013a386c1b00264b62c14de3c7ab42fda6565c460ad65c86.exe
unpack001/d3467bceb27c8533c1a904b34437aa2fd03963be8085f668a961b113feb75c5c.exe
unpack001/d4036c235fca73a67732d884564991184b7a8ea148784f0cd70fa07adbd8e160.exe
unpack001/d520edc59c5aee94806782d012efa7e0f905e90ce4e177f14cd612e7b8bb17ba.exe
unpack001/d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038.exe
unpack001/d8b42431b63037e8b1a15670af84ec3c3f03fe1e397425d410b82a1a35c388a9.exe
unpack001/d8e97b327ea157afd377759204ca29d44475f50030e1321fa6ca4b05d9c4aed0.exe
unpack001/d8ff9678e79ef65841256baae1bbbccea2ded7d6cb186e2abc2eb87ab0a867e4.exe
unpack001/dd631fc6635483d84cbd3836d4815e2f06107cbe18b16134dd9fca7ea9a4872d.exe
unpack001/e1130b856161680a39ebf5d759bd25663b598e69b6ef68721933958ac644a496.exe
unpack001/e40736bc19f0008189f281f42cdfddf5bcf6a8c70a89e7bccd0aa0eb797edd22.exe
unpack001/e8cb78d559909b23edb3a7f7c62cc9028444cc932773a873ab3f10be4f3449a5.exe
unpack001/ef1eceb9e2de5b7bf7b666f8b575e931a76079e76198e91a539af4f789a39b3b.exe
unpack001/efcb3bdfc24f6c61b31aea1b68305f73a77750eecd4186e97614dfc5f80aae71.exe
unpack001/f5be0ec35ef75583d71757fee81cff2d190b06fcf5dcd3683ebc2959472556db.exe
unpack001/f783fddd213ea27df398d887e7dadecc3ff7a60f4dff68254581a1d2c02a8291.exe
unpack001/f7c566ca7413a1259a7bcc120bc431a5ad129438b1e8b9b51c398d5eecfc51a5.exe
unpack001/fd95b0eb1d2a5650592de694cda956d9dcf0b1c3312fcb3273571f858762ae15.exe
unpack001/fdab0d14b8ed077af72b54dc7b78f1f458b7fe1d57758d8ed64a26a0d74eff64.exe
unpack001/ff5e0851fbdedf593a4d10347ce08b9c68ffc262078952a69e578d557aa5a1fc.exe

Files

bbdfbae01162597428b8a4538245e09cb393945a54bea8cea69d6307ab60fe43
.zip

Password: infected
00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a.exe
.exe windows:5 windows x86 arch:x86

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lugi 48\putocovo\kecujekehip\royem\ni.pdb

Imports

kernel32

GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
GetConsoleAliasA
SetCommTimeouts
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
CreateActCtxW
CopyFileW
AttachConsole
ReleaseActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
GetUserDefaultLangID
LeaveCriticalSection
GetLongPathNameW
GetConsoleAliasesLengthA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8.elf
.elf linux
05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 990KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
05ab47c520341a131fd07013153bc2df9f7954b13f387bf2a2e15e1d46a9694f.zip
.zip
Bank Swift Xlsx.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
07a5d8fbad6ee496b8ff07c1e8085a92a892b2788c5fa2a5d7e599080b6fd532.elf
.elf linux mipsel
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809.elf
.elf linux ppc
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74.elf
.elf linux arm
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0.elf
.elf linux sh
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d.elf
.elf linux
0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab.exe
.exe windows:5 windows x86 arch:x86

f072aaf7476b5a5a056c892b505526e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vubu mafahiz.pdb

Imports

kernel32

SetFilePointer
lstrlenA
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
VerLanguageNameA
CreateNamedPipeA
SetStdHandle
SetComputerNameA
BuildCommDCBW
GetLocalTime
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
VirtualLock
SetConsoleWindowInfo
FindAtomA
WriteProfileStringA
SetConsoleTitleW
VirtualProtect
CompareStringA
GetFileAttributesExW
GetCPInfoExA
_lopen
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d.elf
.elf linux sh
0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hatabifih66\vojavafomeged\cesohe20\cet.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f.exe
.exe windows:5 windows x64 arch:x64

11525613f6414fd0e2667f9ac72fe9d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\QQMusicPC-1810\pdbRelease\StartDesktopProjection64.pdb

Imports

kernel32

GetCurrentThreadId
SizeofResource
HeapFree
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
OpenProcess
HeapSize
CreateEventW
GetLastError
TerminateThread
LockResource
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
ReadFile
SetEndOfFile
WriteConsoleW
SetFilePointerEx
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
GetFileType
ReadConsoleW

user32

GetWindowThreadProcessId
GetMessageW
DefWindowProcW
PostMessageW
SendMessageTimeoutW
DestroyWindow
CreateWindowExW
SendMessageW
EndDialog
RegisterClassExW
LoadAcceleratorsW
LoadStringW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
DialogBoxParamW
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
FindWindowExW
FindWindowW
EnumThreadWindows
ShowWindow

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873.exe
.exe windows:5 windows x86 arch:x86

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vapur.pdb

Imports

kernel32

GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
GetConsoleAliasA
SetCommTimeouts
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
CreateActCtxW
CopyFileW
AttachConsole
ReleaseActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
GetUserDefaultLangID
LeaveCriticalSection
GetLongPathNameW
GetConsoleAliasesLengthA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
103578df44dbe6a55c4298130df5c3dca804ce8ae84c692396b89fc84ddf71c8.elf
.elf linux arm
10b52b26be692aea2c0365965a300d479698bdd72910592b55ea42dcb5a29e1b.exe
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
10fa492d71b29b06ddec26b6d475bf42a6068e5a245aafc90d135b6d571c7527.elf
.elf linux x86
11972f7634307a1756dbe8033b2dc51932e7ac47d17748bfacc604b54a732346.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ASHAMPOO OPTMI.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
152265b11b39688bfa5dd656dddacf87c01515f70f62aeb3b1406138a77986d5.exe
.exe windows:5 windows x86 arch:x86

22db311026ae931b05f66671eeb9d534

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW
CharLowerBuffW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
SwitchToThread
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VerSetConditionMask
VerifyVersionInfoW
SetEvent
ResetEvent
LoadLibraryW
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileAttributesW
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CompareStringW
CloseHandle

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetApiBufferFree
NetWkstaGetInfo

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 975KB - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17f76c4326657a2e98267c4fc98e4a97207b2f52f4c2da129a77d419fd99b621.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/foler/olader/acledit.dll
.dll windows:6 windows x86 arch:x86

4841609d5e7c77c336247e7bb3fc4cef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

acledit.pdb

Imports

msvcrt

_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

user32

LoadStringW
MessageBoxW

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/foler/olader/acppage.dll
.dll windows:6 windows x86 arch:x86

28cc1fb51b5dca83c86f1fa8d16863a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

acppage.pdb

Imports

msvcrt

_lock
_unlock
sscanf_s
_onexit
_except_handler4_common
??3@YAXPAX@Z
_initterm
_amsg_exit
_XcptFilter
malloc
free
memset
wcscat_s
_wcsupr
_vsnwprintf
wcsstr
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
_purecall
__dllonexit
memcmp

ntdll

RtlImageRvaToVa
NtCreateSection
RtlNtStatusToDosError
NtQuerySection
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationToken
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlInitUnicodeString
RtlImageDirectoryEntryToData

kernel32

GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
MapViewOfFile
LoadLibraryExW
GetLocalTime
CreateFileMappingW
SystemTimeToFileTime
GetFileTime
FileTimeToSystemTime
QueryActCtxW
GetVersionExW
UnmapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
GetLastError
lstrcmpiA
EncodePointer
CreateProcessW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
GetSystemDirectoryW
RegQueryValueExW
LoadLibraryW
CheckElevationEnabled
FormatMessageW
CreateFileW
GetProcAddress
DecodePointer
RegOpenKeyExW
BasepGetExeArchType
CloseHandle
RegCloseKey
LocalFree
ExpandEnvironmentStringsW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId

user32

GetParent
IsWindowEnabled
GetWindowLongW
SetWindowLongW
SendDlgItemMessageW
ShowWindow
GetSystemMetrics
SetDlgItemTextW
SendMessageW
EnableWindow
LoadStringA
LoadStringW
InsertMenuW
GetDlgItem

shlwapi

ord487
PathFindFileNameW
PathFindExtensionW
ord176
StrCmpIW

shell32

SHParseDisplayName
ord155
SHGetPathFromIDListW
SHGetNameFromIDList
SHChangeNotify
SHGetItemFromDataObject

ole32

CoInitializeEx
CoTaskMemAlloc
CoGetObject
StringFromGUID2
CoGetMalloc
CoTaskMemFree
CoCreateInstance
HWND_UserSize
HWND_UserFree
ObjectStublessClient3
HWND_UserMarshal
HWND_UserUnmarshal
CoUninitialize

rpcrt4

CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrDllGetClassObject

sfc

SfcIsFileProtected

msi

ord173
ord201

apphelp

SdbReleaseDatabase
SdbInitDatabase
ApphelpDebugPrintf
SdbGetMatchingExe
SdbQueryFlagMask
SdbGetAppPatchDir

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetExeFromLnk

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/foler/olader/adprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

33aa7b92a68c0c85a98b0049813f29de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adprovider.pdb

Imports

msvcrt

??3@YAXPAX@Z
_except_handler4_common
realloc
_vsnwprintf
_errno
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memset
wcschr
_purecall
??2@YAPAXI@Z
_atoi64
_wcsicmp
_wcsnicmp
wcstoul
_ultow
??_U@YAPAXI@Z
memcpy_s
malloc
wcscat_s
free
wcscpy_s
wcsncpy_s
??_V@YAXPAX@Z
memcmp
memcpy

kernel32

DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
LocalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetSystemTimeAsFileTime
CompareFileTime
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
OutputDebugStringA
SystemTimeToFileTime
LocalFree
GetProcAddress
GetCurrentThreadId

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegOpenCurrentUser
TraceMessage

wldap32

ord10
ord40
ord190
ord13
ord18
ord118
ord12
ord73
ord88
ord14
ord152
ord145
ord79
ord142
ord41
ord301
ord167
ord147
ord224
ord140
ord127
ord16
ord26
ord208
ord97

ntdsapi

DsReplicaGetInfo2W
DsReplicaFreeInfo
DsUnBindW
DsBindW

netapi32

NetApiBufferFree
DsGetDcNameW

crypt32

CertAddSerializedElementToStore
CertGetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext

oleaut32

RegisterTypeLi
SysFreeString
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

user32

CharNextW
UnregisterClassA

secur32

GetUserNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fey\maf\gidisayefepoza\buja howegeruxov51-paxov\rerihax\lu.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vpn.exe
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.idata
.reloc
.rsrc/1033/DIALOG/2001
.rsrc/1033/DIALOG/2002
.rsrc/1033/DIALOG/2003
.rsrc/1033/DIALOG/2004
.rsrc/1033/DIALOG/2005
.rsrc/1033/DIALOG/2006
.rsrc/1033/GROUP_ICON/3000
.rsrc/1033/ICON/1
.png
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/7.ico
.rsrc/1033/ICON/8.ico
.rsrc/1033/ICON/9.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/RCDATA/ADMQCMD
.rsrc/1033/RCDATA/CABINET
.cab
Pensato.vsdm
Poi.vsdm
Sfinge.vsdm
Vorrei.vsdm
.rsrc/1033/RCDATA/EXTRACTOPT
.rsrc/1033/RCDATA/FILESIZES
.rsrc/1033/RCDATA/FINISHMSG
.rsrc/1033/RCDATA/LICENSE
.rsrc/1033/RCDATA/PACKINSTSPACE
.rsrc/1033/RCDATA/POSTRUNPROGRAM
.rsrc/1033/RCDATA/REBOOT
.rsrc/1033/RCDATA/RUNPROGRAM
.rsrc/1033/RCDATA/SHOWWINDOW
.rsrc/1033/RCDATA/TITLE
.rsrc/1033/RCDATA/UPROMPT
.rsrc/1033/RCDATA/USRQCMD
.rsrc/1033/string.txt
.rsrc/1033/version.txt
.rsrc/1049/string.txt
.text
18411de945db0b5933169c220c61ac09e414c6afac3add1373f285236fdceae1.exe
.sys windows:10 windows x64 arch:x64

b3242e2b7e085f49ef8ca4505100736d

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:dd:56:5d:78:63:b7:f7:f1:8e:72:5d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23-02-2021 07:52

Not After

24-02-2022 07:52

Subject

SERIALNUMBER=91460100MA5RCA45XR,CN=海南巨灵网络科技有限公司,O=海南巨灵网络科技有限公司,STREET=龙华区滨海大道117号滨海国际金融中心B座401-403室,L=海口市,ST=海南省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13064841494e414e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:5d:d6:4d:b7:f6:49:3e:4b:cd:4b:9b:0c:97:d2:4c:38:51:20:b5:59:7d:ba:4b:68:ed:d6:ab:0c:aa:33:8a
Signer

Actual PE Digest

7a:5d:d6:4d:b7:f6:49:3e:4b:cd:4b:9b:0c:97:d2:4c:38:51:20:b5:59:7d:ba:4b:68:ed:d6:ab:0c:aa:33:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\巨灵驱动源码\PacSys\x64\Debug\CoreSys.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltAllocatePoolAlignedWithTag
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltReadFile
FltQueryInformationFile
FltSetInformationFile

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

RtlAssert
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
KeQueryTimeIncrement
ExAllocatePool
ExFreePoolWithTag
MmProbeAndLockPages
MmUnlockPages
IoAllocateIrp
IoAllocateMdl
IoCancelIrp
IoFreeIrp
IoFreeMdl
__C_specific_handler
KeInitializeMutex
KeReleaseMutex
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
ZwClose
ZwDeleteFile
RtlCompareUnicodeString
ObfDereferenceObject
PsGetProcessId
ZwTerminateProcess
ZwOpenProcess
PsLookupProcessByProcessId
PsGetProcessImageFileName
ZwQuerySystemInformation
IoFileObjectType
RtlCopyUnicodeString
ExAllocatePoolWithTag
ObOpenObjectByPointer
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
ZwSetValueKey
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
MmGetSystemRoutineAddress
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ZwOpenFile
PsGetCurrentThreadId
IoQueryFileDosDeviceName
sprintf_s
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
PsGetCurrentProcessId
PsGetThreadId
IoThreadToProcess
ObReferenceObjectByName
IoDriverObjectType
ExGetPreviousMode
CmRegisterCallback
CmUnRegisterCallback
MmIsAddressValid
ObQueryNameString
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlIsGenericTableEmpty
CmKeyObjectType
ZwDeviceIoControlFile
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
PsSetCreateProcessNotifyRoutineEx
KeResetEvent
IoReuseIrp
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
KeBugCheckEx

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 370KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
196e6323c5ffd2105f1159a77c1b1cb583deb9d27875232f5fae5635a39a637d.exe
.exe windows:4 windows x86 arch:x86

Code Sign

1f:32:16:f4:28:f8:50:be:2c:66:ca:a0:56:f6:d8:21
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-10-2019 00:00

Not After

06-10-2022 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:32:46:71:38:cb:80:07:39:fa:86:dd:e1:54:4a:c5:8b:46:99:b2:e3:26:d4:7e:03:59:d9:27:f6:48:bf:91
Signer

Actual PE Digest

6d:32:46:71:38:cb:80:07:39:fa:86:dd:e1:54:4a:c5:8b:46:99:b2:e3:26:d4:7e:03:59:d9:27:f6:48:bf:91

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
1bfab102c650bd406698cf1a9259ca30ae9b6c5027a1c0c54f86ae90688a71dc.elf
.elf linux mipsbe
1f59f32d84315202495176b76490924a00d585b099e31a0e199fbceb21e4ecfb.elf
.elf linux ppc
20699086b527dbc779867c4559fe81fbce03ee1cc800fde1fe75016cc8e1dfd4.elf
.elf linux arm
20d0674ed0695e22dcbe87b9c93a73438e14d124963540af01cd6819e14dad0a.exe
.exe windows:5 windows x86 arch:x86

ce1fdab3df1e2c070cc03b5d515ae746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ziyup\larupudehuvuw72\dimamutopaze48\wubatogexikoc_pobi.pdb

Imports

kernel32

SetFilePointer
lstrlenA
SetLocalTime
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
VirtualUnlock
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
SetConsoleTitleW
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
221286acdd5d0ca1859e8aefb682a430ee7c28fb76f9b824cd8d4a0b441f2dee.elf
.elf linux
229cc6622dafa3903c7fd925d7cae3c286eaec7f79a7bfb06106a2ea7af00d7c.elf
.elf linux sparc
22d3729ace83ac1174f788c27739dd685de07cb698c1111da80da55b74ec2270.elf
.elf linux
2303b69f630d35d7eae22d30c5efeb76d6d89e80c7be9365b90db44e5ce5e94a.sys
.sys windows:10 windows x64 arch:x64

001f613b0ed3f11a6fcd7a807376653b

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 22:25

Not After

02-12-2021 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:35:ac:2b:75:37:d7:c5:23:97:35:81:3c:a8:bd:98:54:fe:77:1e:41:c1:8f:75:44:89:db:50:cd:e7:eb:f6
Signer

Actual PE Digest

3a:35:ac:2b:75:37:d7:c5:23:97:35:81:3c:a8:bd:98:54:fe:77:1e:41:c1:8f:75:44:89:db:50:cd:e7:eb:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\巨灵驱动源码\PacSys\x64\Debug\Pac.pdb

Imports

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltAllocatePoolAlignedWithTag
FltGetFileNameInformation
FltReleaseFileNameInformation
FltParseFileNameInformation
FltReadFile
FltQueryInformationFile
FltSetInformationFile

netio.sys

WskCaptureProviderNPI
WskReleaseProviderNPI
WskDeregister
WskRegister

ntoskrnl.exe

RtlAssert
RtlInitUnicodeString
DbgPrint
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
KeQueryTimeIncrement
ExAllocatePool
ExFreePoolWithTag
MmProbeAndLockPages
MmUnlockPages
IoAllocateIrp
IoAllocateMdl
IoCancelIrp
IoFreeIrp
IoFreeMdl
__C_specific_handler
KeInitializeMutex
KeReleaseMutex
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
ZwCreateFile
ZwQueryInformationFile
ZwSetInformationFile
ZwReadFile
ZwWriteFile
ZwClose
ZwDeleteFile
RtlCompareUnicodeString
RtlCopyUnicodeString
ExAllocatePoolWithTag
ObfDereferenceObject
PsGetProcessId
ZwTerminateProcess
ZwOpenProcess
PsLookupProcessByProcessId
PsGetProcessImageFileName
ZwQuerySystemInformation
ZwCreateKey
ZwOpenKey
ZwDeleteValueKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
ZwSetValueKey
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
MmGetSystemRoutineAddress
PsCreateSystemThread
ObReferenceObjectByHandle
ZwOpenFile
PsGetCurrentThreadId
IoQueryFileDosDeviceName
sprintf_s
IoFileObjectType
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
PsGetCurrentProcessId
PsGetThreadId
IoThreadToProcess
ObReferenceObjectByName
IoDriverObjectType
ExGetPreviousMode
CmRegisterCallback
CmUnRegisterCallback
MmIsAddressValid
ObQueryNameString
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlIsGenericTableEmpty
RtlEqualUnicodeString
ZwDeviceIoControlFile
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
PsSetCreateProcessNotifyRoutineEx
KeResetEvent
IoReuseIrp
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar
KeBugCheckEx

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tKD0
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
23215d1ae40c2b85e8e9a3013ded976e4b93facf52f4e54cd5e8bd0d43457880.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
25d47d4fc5f5e91882c9987539072959b7dfd20c8abbefa4f05ed92b3470a00f.elf
.elf linux arm
26489e889e7fb78d2541ba5dbf3fffbaa048aabd4fa7d97bd59ba61080628141.exe
.exe windows:5 windows x86 arch:x86

a06df199bc5c29ff1f7c13754059d5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\maral.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
27d5dc849a3e426aeb25a7db43dccb99ac2ce9716050fdc524d6c76864ad1b28.elf
.elf linux mipsbe
288ee6a0a7438045829895271ee4051009a51cf69e578696f4ca3bb97ef4ea88.exe
.exe windows:5 windows x86 arch:x86

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vehu hekocod nedofetiv36\wijacapiy\get.pdb

Imports

kernel32

GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
GetConsoleAliasA
SetCommTimeouts
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
CreateActCtxW
CopyFileW
AttachConsole
ReleaseActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
GetUserDefaultLangID
LeaveCriticalSection
GetLongPathNameW
GetConsoleAliasesLengthA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
289ba811233a782f75871f0b1a4417ff458308bc24f67c2527dc04f05431b2aa.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\seniwiruvu_mibefa.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
28b0f876a3e384044a956ce33e3031f3519a43e7e158165fa59fcf57ead91d10.zip
.zip
DEE Shah Snuil.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640.exe
.exe windows:6 windows x86 arch:x86

5a594319a0d69dbc452e748bcf05892e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2ad586c305e9ac8d4f0348bc714af4b52f885bc0a77fb267ece445188b1d3eb8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2c6726d5f4fa7b91f24b8cf45ad262f4afc9fabea32cd2a4dc0c5bbca4f05544.elf
.elf linux
2c73ce1953b977e3582eec4f61a09d4bef2d8719439be495211ed0050ed8ef8d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

|.4,mI
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
2cba8012f3deb21e3f361d5a3f07cc794b6e18e63b07c98aa2cbd78233cee70e.exe
.exe windows:5 windows x86 arch:x86

7780eb9cc098185992365509d7637fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ged.pdb

Imports

kernel32

GetLongPathNameW
GetUserDefaultLangID
AddRefActCtx
GetCPInfoExW
WriteConsoleInputA
ReadConsoleInputW
GetConsoleAliasW
SetCommTimeouts
SetConsoleCP
VerifyVersionInfoA
WaitNamedPipeA
CreateMutexA
WriteConsoleA
GetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionA
EnumDateFormatsExA
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
Sleep
EndUpdateResourceW
GetCPInfo
SetConsoleCtrlHandler
SetConsoleTitleA
SetFilePointer
GetCurrentConsoleFont
EraseTape
AttachConsole
GetConsoleAliasesLengthW
ZombifyActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
HeapLock
GetAtomNameW
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetACP
WaitForMultipleObjects
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterA
LocalAlloc
GetMailslotInfo
SetEnvironmentVariableW
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
PostQueuedCompletionStatus
GetDiskFreeSpaceW
LeaveCriticalSection
EnumDateFormatsA
CopyFileA
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
DeleteCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
IsDebuggerPresent
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetStringTypeA
LCMapStringA
LCMapStringW
CloseHandle

user32

GetAltTabInfoW

gdi32

GetCharWidth32A

advapi32

AdjustTokenPrivileges
BackupEventLogA

Exports

Exports

@GetSecondVice@0

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 39.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2ea149ec3c2d507823d6419cccbc6a4e3cc920efd0689aba8da8adf529da3c2c.elf
.elf linux x86
2f13aeda87ac36d7d1ed671093fb1c713eebba7c3536ccf44486aad6ae679450.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\povazo96\han\mezawin\dizale.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 943KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
316fac5ae2d4e250b1c0f10b4388fa2c6c3407b118e539a7d865613e373628d9.zip
.zip
Pegasus/144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
.apk android arch:arm

com.lenovo.safecenter

.MainTab.SplashActivity

Activities

.MainTab.SplashActivity

android.intent.action.MAIN

.MainTab.LeSafeMainActivity

com.lenovo.safecenter.mainTab

.MainTab.UpdateVersionActivity

com.lenovo.safecenter.updateAndPassword

.platform.AgainstTheftSet

com.lenovo.safecenter.AgainstTheftSet

.Laboratory.ForbiddenApplication

com.lenovo.safecenter.view.ForbiddenApplication

.Laboratory.GuestModeSet

com.lenovo.safecenter.view.GuestModeSet

.AppsManager.DialogActivity

com.lenovo.safecenter.view.DialogActivity

.safemode.SofeModeMain

com.lenovo.safecenter.safemode.SofeModeMain

.Laboratory.SafePaymentDialogActivity

com.lenovo.safecenter.view.LaboratoryActivity

.Laboratory.SafePaymentActivity

com.lenovo.safecenter.SafePaymentActivity

.lenovoAntiSpam.MainActivity

com.lenovo.safecenter.main

.antivirus.MainActivity

com.lenovo.safecenter.antivirus.main

.antivirus.views.FlashProActivity

com.lenovo.antivirus.gifmain

.antivirus.views.NotiSMSActivity

com.lenovo.antivirus.notice

.safemode.PrivateMainActivity

com.lenovo.safecenter.privatezone

.net.TrafficStatistics

com.lenovo.safecenter.net.traffic

.net.doublemode.NetSetting

com.lenovo.safecenter.net.setting

.Laboratory.AppUninstall

com.lenovo.safecenter.appuninstall

.shortcut.CleanAcitivty

android.intent.action.MAIN
android.intent.action.CREATE_SHORTCUT

.floatwindow.shortcut.ShortcutActivity

android.intent.action.CREATE_SHORTCUT

.lenovoAntiSpam.newview.WhiteABlackMain

com.lenovo.safecenter.manblack
com.lenovo.safecenter.manwhite

com.lenovo.install.InstallActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.CALL_PHONE
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_MMS
android.permission.READ_CALENDAR
android.permission.WRITE_CALENDAR
android.permission.WRITE_CONTACTS
android.permission.WRITE_SMS
android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.FORCE_STOP_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.STATUS_BAR_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_NETWORK_USAGE_HISTORY
android.permission.DELETE_PACKAGES
android.permission.GET_PACKAGE_SIZE
android.permission.READ_LOGS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CHANGE_NETWORK_STATE
android.permission.GET_TASKS
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.BROADCAST_WAP_PUSH
android.permission.RECEIVE_WAP_PUSH
android.permission.ACCESS_WIFI_STATE
android.permission.BATTERY_STATUS
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.VIBRATE
android.permission.FORCE_STOP_PACKAGES
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_SYNC_SETTINGS
android.permission.DEVICE_POWER
android.permission.SYSTEM_ALERT_WINDOW
android.permission.DELETE_CACHE_FILES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_MOCK_LOCATION
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.PACKAGE_USAGE_STATS
android.permission.WAKE_LOCK
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.STATUS_BAR_SERVICE
android.permission.SET_ACTIVITY_WATCHER
android.permission.WRITE_MEDIA_STORAGE
android.permission.MASTER_CLEAR
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.MOVE_PACKAGE
android.permission.CLEAR_APP_CACHE
android.permission.ACCESS_WIFI_SATAE
android.permission.BATTERY_STATUS
android.permission.BLUETOOTH

Receivers

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

.platform.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.SIM_STATE_CHANGED

.platform.NoticeBroadcast

lenovo.use.permission.denied
com.safecenter.broadcast.openChildMode
com.safecenter.broadcast.openPrivacyMode
com.safecenter.broadcast.openGuestMode
com.lenovo.safecenter.view.DialogActivity

.broadcast.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.broadcast.HarassLogBroadcast

ACTION_BLACK_MESSAGE
ACTION_BLACK_PHONE
com.lenovo.antivirus.notify

.broadcast.SmsBroadcast

lenovo.backgroud.sendsms
SENT_SMS_ACTION

.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.support.OutPhoneReceiver

android.intent.action.USER_PRESENT

.support.CheckInterChangeReceiver

com.lenovo.antispam.blackperson.change
com.lenovo.antispam.whiteperson.change
com.lenovo.antispam.netperson.change
com.lenovo.securityperson.change
com.lenovo.antispam.blackperson..provider.change

.utils.updateLab.UpdateLabReceiver

com.lenovo.antivirus.updateresult
com.lenovo.antivirus.queryresult
com.lenovo.antispam.blackupdateresult
com.lenovo.antispam.blackqueryresult
com.lenovo.antispam.sysupdateresult
com.lenovo.antispam.sysqueryresult
com.lenovo.safecenter.Broadcast.updateLab
com.lenovo.antispam.signcallupdateresult
com.lenovo.antispam.signcallqueryresult

.utils.updateLab.WifiConnectedReceiver

android.net.wifi.STATE_CHANGE

.lenovoAntiSpam.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.broadcast.SafeInputMethodBroadcast

com.lenovo.safecenter.safeinputmethod

.broadcast.UpdateTrafficReceiver

com.lenovo.safecenter.updatetrafficbar.broadcast
com.lenovo.safecenter.init.trafficbar

.antivirus.support.BootBroadcastReceiver

action.forcestop.antivirus
action.antivirus.init

.antivirus.support.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.antivirus.support.alarmreceiver

android.net.conn.CONNECTIVITY_CHANGE

.net.support.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.net.conn.CONNECTIVITY_CHANGE
com.lenovo.safecenter.traffic.correction
android.intent.action.AIRPLANE_MODE

.support.MMSReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.antivirus.support.DeleteSDFileBroadcast

action.antivirus.delete.sdfile

.broadcast.InputMethodChangeBroadcast

android.intent.action.INPUT_METHOD_CHANGED
com.safecenter.boot.safeinput

com.lenovo.performancecenter.service.object.KillAllPackageReceiver

com.lenovo.safecenter.PERFORMANCE_KILL_ALL_PROCESSES
com.lenovo.safecenter.PERFORMANCE_KILL_SINGLE_PROCESS
com.lenovo.safecenterwidget.RECORD_KILL_EVENT
com.lenovo.safecenter.clearapp

com.lenovo.performancecenter.framework.LeemCenterReceiver

android.intent.action.BOOT_COMPLETED
com.lenovo.safecenter.activityswitch

.mmsutils.PushReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.Laboratory.SafeHomePageBroadcast

com.lenovo.safecenter.activityswitch

Services

.broadcast.AlarmService

com.lenovo.antitheft.ALARM

.broadcast.sendMsgService

com.lenovo.antitheft.SENDMESSAGE

.lenovoAntiSpam.support.DownSysService

com.lenovo.antispam.sysupdate
com.lenovo.antispam.sysquery

.lenovoAntiSpam.support.DownNetBlackService

com.lenovo.antispam.netblackupdate
com.lenovo.antispam.netblackquery

.lenovoAntiSpam.support.DownSignCallService

com.lenovo.antispam.signcallquery
com.lenovo.antispam.signcallupdate

.antivirus.support.dowmdataService

com.lenovo.antivirus.query
com.lenovo.antivirus.update

.broadcast.LockScreenService

com.lenovo.safecenter.lockscreenservice

.net.support.InitializeService

com.lenovo.safecenter.traffic.service.RTC
com.lenovo.safecenter.deletetraffic.service.RTC
com.lenovo.safecenter.updatetrafficbar.service.RTC
com.lenovo.safecenter.correct.traffic.SIM.service.RTC
com.lenovo.safecenter.correct.traffic.SIM2.service.RTC
com.lenovo.safecenter.notice.traffic.ui.service.RTC

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirusService

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirus

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheckService

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheck

com.lenovo.safecenter.aidl.usbdebugmode.RemoteUsbDebugModeService

com.lenovo.safecenter.aidl.usbdebugmode.RemoteSetUsbDebugMode

com.lenovo.performancecenter.framework.CustomerWhiteListService

com.lenovo.performancecenter.framework.CustomerWhiteListService
LenovoSafeBox455.apk
.apk android

com.lenovo.safebox

com.lenovo.lps.sus.control.SUSPromptActivity

Activities

.PrivateSpaceActivity

com.lenovo.safecenter.LENOVO_SAFEBOX

.AddAppActivity

com.lenovo.safecenter.LENOVO_APPLOCK

.VisitControlActivity

com.lenovo.safebox.VISIT_CONTROL

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.GET_TASKS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_PHONE_STATE
android.permission.READ_LOGS
android.permission.WRITE_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher.permission.READ_SETTINGS

Receivers

com.lenovo.safebox.PrivacySpaceReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_SCANNER_FINISHED

.service.BootReceiver

android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

Services

com.lenovo.safebox.service.WatchAppService

com.lenovo.safebox.NO_SERVICE

com.lenovo.safebox.service.MonitorAppService

com.lenovo.safebox.WATCH_APP_SERVICE
LenovoSafeWidget115.apk
.apk android

com.lenovo.safecenterwidget

.DownloadLeSafeActivity

Activities

Permissions

android.permission.KILL_BACKGROUND_PROCESSES
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_SATAE
android.permission.READ_PHONE_STATE

Receivers

.MemClear4X1

android.appwidget.action.APPWIDGET_UPDATE
android.intent.action.USER_PRESENT
com.lenovo.safewidget.memory.refresh
com.lenovo.safewidget.memory.entrysafecenter
com.lenovo.safecenter.PERFORMANCE_GET_KILL_RESULT
com.lenovo.safecenter.PERFORMANCE_EXE_SHORTCUT
com.lenovo.safecenterwidget.ok
com.lenovo.safecenter.PERFORMANCE_RECORD_KILL_EVENT

Services
Pegasus/530b4f4d139f3ef987d661b2a9f74f5f
Pegasus/bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a
.apk android

seC.dujmehn.qdtheyt

seC.dujmehn.qdtheyt.Dujmehnpqyd

Activities

seC.dujmehn.qdtheyt.Dujmehnpqyd

android.intent.action.MAIN

Permissions

android.permission.FORCE_STOP_PACKAGES
android.permission.ACCESS_CHECKIN_PROPERTIES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_SURFACE_FLINGER
android.permission.ACCESS_WIFI_STATE
android.permission.ACCOUNT_MANAGER
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.BATTERY_STATS
android.permission.BIND_APPWIDGET
android.permission.BIND_DEVICE_ADMIN
android.permission.BIND_INPUT_METHOD
android.permission.BIND_REMOTEVIEWS
android.permission.BIND_WALLPAPER
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BRICK
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.BROADCAST_SMS
android.permission.BROADCAST_STICKY
android.permission.BROADCAST_WAP_PUSH
android.permission.CALL_PHONE
android.permission.CALL_PRIVILEGED
android.permission.CAMERA
android.permission.CHANGE_COMPONENT_ENABLED_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CLEAR_APP_CACHE
android.permission.CLEAR_APP_USER_DATA
android.permission.CONTROL_LOCATION_UPDATES
android.permission.DELETE_CACHE_FILES
android.permission.DELETE_PACKAGES
android.permission.DEVICE_POWER
android.permission.DIAGNOSTIC
android.permission.DISABLE_KEYGUARD
android.permission.DUMP
android.permission.EXPAND_STATUS_BAR
android.permission.FACTORY_TEST
android.permission.FLASHLIGHT
android.permission.FORCE_BACK
android.permission.GET_ACCOUNTS
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.GLOBAL_SEARCH
android.permission.HARDWARE_TEST
android.permission.INJECT_EVENTS
android.permission.INSTALL_LOCATION_PROVIDER
android.permission.INSTALL_PACKAGES
android.permission.INTERNAL_SYSTEM_WINDOW
android.permission.INTERNET
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_APP_TOKENS
android.permission.MASTER_CLEAR
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.MODIFY_PHONE_STATE
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.NFC
android.permission.PERSISTENT_ACTIVITY
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CALENDAR
android.permission.READ_CONTACTS
android.permission.READ_FRAME_BUFFER
android.permission.READ_HISTORY_BOOKMARKS
android.permission.READ_INPUT_STATE
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.REBOOT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_MMS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_WAP_PUSH
android.permission.RECORD_AUDIO
android.permission.REORDER_TASKS
android.permission.RESTART_PACKAGES
android.permission.SEND_SMS
android.permission.SET_ACTIVITY_WATCHER
android.permission.SET_ALARM
android.permission.SET_ALWAYS_FINISH
android.permission.SET_ANIMATION_SCALE
android.permission.SET_DEBUG_APP
android.permission.SET_ORIENTATION
android.permission.SET_PREFERRED_APPLICATIONS
android.permission.SET_PROCESS_LIMIT
android.permission.SET_TIME
android.permission.SET_TIME_ZONE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.SIGNAL_PERSISTENT_PROCESSES
android.permission.STATUS_BAR
android.permission.SUBSCRIBED_FEEDS_READ
android.permission.SUBSCRIBED_FEEDS_WRITE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.UPDATE_DEVICE_STATS
android.permission.USE_CREDENTIALS
android.permission.USE_SIP
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_APN_SETTINGS
android.permission.WRITE_CALENDAR
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_GSERVICES
android.permission.WRITE_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.WRITE_SECURE_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.WRITE_SMS
android.permission.WRITE_SYNC_SETTINGS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.email.permission.ACCESS_PROVIDER
com.android.email.provider.EmailProvider
android.permission.WRITE_APN_SETTINGS
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.WAKE_LOCK
android.permission.SET_WALLPAPER_HINTS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.NFC
android.permission.READ_SYNC_SETTINGS
android.permission.UNINSTALL_SHORTCUT
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.INTERNET
android.permission.NFC
android.permission.ACCESS_NOTIFICATION_POLICY
android.permission.CHANGE_NETWORK_STATE
android.permission.READ_SYNC_STATS
android.permission.UNINSTALL_SHORTCUT

Receivers

seC.dujmehn.qdtheyt.ICiHusuyluh

android.intent.action.DATA_SMS_RECEIVED

seC.dujmehn.qdtheyt.qwudj.DujmehnHusuyluh

android.intent.action.PHONE_STATE
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.BOOT_COMPLETED
android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.NEW_OUTGOING_SMS
android.intent.action.ACTION_TIMEZONE_CHANGED
android.intent.action.ACTION_TIME_CHANGED
android.intent.action.ACTION_UID_REMOVED
android.intent.action.ACTION_USER_PRESENT
android.bluetooth.device.action.ACL_CONNECTED
android.bluetooth.device.action.ACL_DISCONNECTED
android.net.conn.CONNECTIVITY_CHANGE
com.network.android.USER_PRESENT
android.intent.action.DATA_SMS_RECEIVED
android.intent.action.BATTERY_CHANGED

.heeCJqf.QkjeQdimuhHusuyluh

android.intent.action.PHONE_STATE

seC.dujmehn.qdtheyt.QdtheytSqBBTyhusjMqjsxuh

android.intent.action.PHONE_STATE

seC.dujmehn.qdtheyt.ReejHusuyluh

android.intent.action.BOOT_COMPLETED

Services

seC.dujmehn.kiit.STKIITIuhlysu

com.android.ussd.IExtendedNetworkService
Pegasus/cc9517aafb58279091ac17533293edc1
.apk android

com.binary.sms.receiver

com.binary.sms.receiver.SkeletonActivity

Activities

com.binary.sms.receiver.SkeletonActivity

android.intent.action.MAIN

Permissions

android.permission.FORCE_STOP_PACKAGES
android.permission.ACCESS_CHECKIN_PROPERTIES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_SURFACE_FLINGER
android.permission.ACCESS_WIFI_STATE
android.permission.ACCOUNT_MANAGER
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.BATTERY_STATS
android.permission.BIND_APPWIDGET
android.permission.BIND_DEVICE_ADMIN
android.permission.BIND_INPUT_METHOD
android.permission.BIND_REMOTEVIEWS
android.permission.BIND_WALLPAPER
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BRICK
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.BROADCAST_SMS
android.permission.BROADCAST_STICKY
android.permission.BROADCAST_WAP_PUSH
android.permission.CALL_PHONE
android.permission.CALL_PRIVILEGED
android.permission.CAMERA
android.permission.CHANGE_COMPONENT_ENABLED_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CLEAR_APP_CACHE
android.permission.CLEAR_APP_USER_DATA
android.permission.CONTROL_LOCATION_UPDATES
android.permission.DELETE_CACHE_FILES
android.permission.DELETE_PACKAGES
android.permission.DEVICE_POWER
android.permission.DIAGNOSTIC
android.permission.DISABLE_KEYGUARD
android.permission.DUMP
android.permission.EXPAND_STATUS_BAR
android.permission.FACTORY_TEST
android.permission.FLASHLIGHT
android.permission.FORCE_BACK
android.permission.GET_ACCOUNTS
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.GLOBAL_SEARCH
android.permission.HARDWARE_TEST
android.permission.INJECT_EVENTS
android.permission.INSTALL_LOCATION_PROVIDER
android.permission.INSTALL_PACKAGES
android.permission.INTERNAL_SYSTEM_WINDOW
android.permission.INTERNET
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.MANAGE_ACCOUNTS
android.permission.MANAGE_APP_TOKENS
android.permission.MASTER_CLEAR
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.MODIFY_PHONE_STATE
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.NFC
android.permission.PERSISTENT_ACTIVITY
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CALENDAR
android.permission.READ_CONTACTS
android.permission.READ_FRAME_BUFFER
android.permission.READ_HISTORY_BOOKMARKS
android.permission.READ_INPUT_STATE
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.READ_SMS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.REBOOT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECEIVE_MMS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_WAP_PUSH
android.permission.RECORD_AUDIO
android.permission.REORDER_TASKS
android.permission.RESTART_PACKAGES
android.permission.SEND_SMS
android.permission.SET_ACTIVITY_WATCHER
android.permission.SET_ALARM
android.permission.SET_ALWAYS_FINISH
android.permission.SET_ANIMATION_SCALE
android.permission.SET_DEBUG_APP
android.permission.SET_ORIENTATION
android.permission.SET_PREFERRED_APPLICATIONS
android.permission.SET_PROCESS_LIMIT
android.permission.SET_TIME
android.permission.SET_TIME_ZONE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.SIGNAL_PERSISTENT_PROCESSES
android.permission.STATUS_BAR
android.permission.SUBSCRIBED_FEEDS_READ
android.permission.SUBSCRIBED_FEEDS_WRITE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.UPDATE_DEVICE_STATS
android.permission.USE_CREDENTIALS
android.permission.USE_SIP
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_APN_SETTINGS
android.permission.WRITE_CALENDAR
android.permission.WRITE_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_GSERVICES
android.permission.WRITE_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.WRITE_SECURE_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.WRITE_SMS
android.permission.WRITE_SYNC_SETTINGS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.email.permission.ACCESS_PROVIDER
com.android.email.provider.EmailProvider
android.permission.WRITE_APN_SETTINGS

Receivers

com.binary.sms.receiver.SmsReceiver

android.intent.action.DATA_SMS_RECEIVED
Pegasus/d257cfde7599f4e20ee08a62053e6b3b936c87d373e6805f0e0c65f1d39ec320
.apk android arch:arm

com.xxGameAssistant.pao

com.xxGameAssistant.pao.SplashActivity

Activities

com.xxGameAssistant.pao.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_INTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.GET_TASKS
android.permission.ACCESS_SUPERUSER
33481c488a99543df496bff3061593b892eb577fd6356f88b24b64b2dafce558.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
342115e2b3702673e9f1baf63f0d801598b525b66388fd6af88a1a4666228482.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eayms
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
35b4822635133861f722ec498a51cfdcc055226058bc6cd245995e685e10be23.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\biso\luc.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 326KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
35ef835c77b1e02e025da29a69effd42fe689876819ad90b159de8b32d64c96e.exe
.exe windows:5 windows x86 arch:x86

7674305f35b9aa8841472231e8903dc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xuz\minez\zovotuyebapoc-32-lutiwakido.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetConsoleCursorInfo
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c6ef2f8997d6e4a1530b90b87acc9756d8e73d8b1281b98b164c74367290fad.elf
.elf linux sparc
3f6a5ae95fd45617bda516b2c044dad2cc86f0ebb35c66e7bcbddb14c5be80bb.elf
.elf linux arm
3f807fcbb5e0d62da56300cfeaaf31d2d53510620c6977fd6b4a07033be51cdf.elf
.elf linux ppc
4131ccbef9251524c0b1f72439733b31d69cb1f2b1849fdc87a5b04fce0a3d82.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
430a8b25a2402df730db530ea67ba300c36f13622dbb937eb14f8101d8703165.elf
.elf linux mipsel
4a4c87cda8852aa339f31cd3cb8f4c91b53bf0017de22b36bd03f48b3aa1ceea.elf
.elf linux arm
4acbafb8a79411abf461bc4ebe4ad1efe4abe663adcd7972588f6e98715217d8.exe
.exe windows:5 windows x86 arch:x86

7674305f35b9aa8841472231e8903dc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\mipafecuhez31-fuwam.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetConsoleCursorInfo
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4b65924095c8dd97ecabc1e571a9a98cb9d92bca306c964b5608533b021b4fe7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

mLX?9X
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
4e1c14c94fedcb136dd05d5a4d4e1ddda923ab1338fb090dd95d12913ac65b9d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

9e:40:5f:c9:ae:3c:44:e6
Certificate

Issuer

CN=ChannelDispatcher

Not Before

23-07-2021 20:00

Not After

24-07-2024 07:00

Subject

CN=ChannelDispatcher

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9e:40:5f:c9:ae:3c:44:e6
Certificate

Issuer

CN=ChannelDispatcher

Not Before

23-07-2021 20:00

Not After

24-07-2024 07:00

Subject

CN=ChannelDispatcher

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:04:00:c6:ef:c2:95:08:17:74:3a:0e:bd:27:11:f5:c5:de:5f:bb:9b:f2:dc:fd:45:73:f0:d6:9c:2b:65:57
Signer

Actual PE Digest

93:04:00:c6:ef:c2:95:08:17:74:3a:0e:bd:27:11:f5:c5:de:5f:bb:9b:f2:dc:fd:45:73:f0:d6:9c:2b:65:57

Digest Algorithm

sha256

PE Digest Matches

true

e3:5f:dc:bd:28:48:07:d5:21:0d:6d:53:71:2f:09:04:23:c1:d5:9b
Signer

Actual PE Digest

e3:5f:dc:bd:28:48:07:d5:21:0d:6d:53:71:2f:09:04:23:c1:d5:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4e6c67c9a0207260b593cae0b1c9eb4e08b57462607732ca3a9823b852fa88c2.elf
.elf linux
5077111b1030c224e7f95035c72a76aaba1cdb91c941962f12a32ab733007b91.exe
.exe windows:5 windows x86 arch:x86

71955ccbbcbb24efa9f89785e7cce225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
PostQueuedCompletionStatus
FormatMessageW
GetLastError
SetEvent
TlsAlloc
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
TlsFree
FormatMessageA
CreateEventA
GetCurrentProcess
GetSystemTimes
GetTickCount64
GetProcessTimes
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
CreateEventW
MultiByteToWideChar
TerminateThread
QueueUserAPC
GetProcAddress
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
GetSystemTimeAsFileTime
CreateIoCompletionPort
CreateDirectoryW
ReadFile
SizeofResource
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
WriteProcessMemory
FindFirstFileExW
SetPriorityClass
VirtualFree
GetFullPathNameW
FindNextFileW
lstrlenW
WriteFile
Wow64DisableWow64FsRedirection
GetSystemDefaultUILanguage
GetDiskFreeSpaceW
VirtualAlloc
TerminateProcess
GetDriveTypeA
GetModuleFileNameW
GetUserDefaultLocaleName
GetProcessId
K32GetModuleFileNameExW
GetProductInfo
Thread32Next
GetTempPathW
CreateMutexW
Thread32First
FindClose
GetLocaleInfoW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
K32GetProcessImageFileNameW
SuspendThread
GetSystemDirectoryW
ResumeThread
lstrcatA
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Sleep
CopyFileA
Process32NextW
K32GetProcessMemoryInfo
CreateFileA
GetCurrentThread
LoadLibraryA
LockResource
GlobalAlloc
Process32FirstW
GlobalFree
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
SetFileAttributesA
GetThreadContext
GetPriorityClass
GlobalLock
VirtualAllocEx
MoveFileExW
GetFileSize
ExitProcess
ReadProcessMemory
GetComputerNameW
FindFirstStreamW
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
GetModuleHandleW
WinExec
CreateRemoteThread
QueryFullProcessImageNameW
CreateProcessA
DebugBreak
SetThreadContext
FindNextStreamW
GetTickCount
GlobalUnlock
GetDriveTypeW
GetFileTime
OpenThread
GetExitCodeProcess
Beep
CreatePipe
PeekNamedPipe
GetStartupInfoA
lstrcpyA
CreateThread
CreateTimerQueueTimer
VirtualProtect
GetCommandLineW
DeviceIoControl
GetEnvironmentVariableW
GetExitCodeThread
FreeLibrary
IsDebuggerPresent
CreateTimerQueue
EncodePointer
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceCounter
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
GetCPInfo
CompareStringW
LCMapStringW
OutputDebugStringW
InitializeCriticalSection
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ResetEvent
ReleaseSemaphore
OpenEventA
GetLogicalProcessorInformation
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateDirectoryExW
GetFileSizeEx
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwind
SetConsoleCtrlHandler
ExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
WriteConsoleW
SetEnvironmentVariableA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
50faf0734298392eef24a83f8376879d15d0601a24add01dfcfe117ced602d7f.elf
.elf linux arm
52214d5f8629d60b5c9c51af77930eab8353970315a7e686a8dc3adb86b38b91.gz
.rar
52b59ccbc415fc7dfe4cf2b9a6c0cc7502f9d94a165618f2a737333b2ec3d64e.elf
.elf linux sparc
53291702642b5fc31be6247ca1794c8f4baec6eb17ee7b85744e655ded9b4203.elf
.elf linux arm
5374f65d5e65672b5f1a115f343b8d750cb0aa3acaafcf4460a876e4e4b023ac.elf
.elf linux arm
5b74ce1d96a51a2083e32854851ac5152bca49293c4a598922fbc8de3f3d3b6b.exe
.exe windows:5 windows x86 arch:x86

e65b83417738f666152fabcdb3753ddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lumumoxiwag kajusuyaluva60\zehavobig\97 du.pdb

Imports

kernel32

GetConsoleAliasA
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeW
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
IsDebuggerPresent
FindFirstVolumeA
WriteFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
LoadLibraryExW
CopyFileW
AttachConsole
ReleaseActCtx
CreateActCtxW
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
SetSystemPowerState
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableA
GetFileAttributesExW
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
WriteConsoleW
GetConsoleAliasesLengthA
HeapValidate
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoW
RealChildWindowFromPoint

advapi32

AdjustTokenPrivileges
BackupEventLogA

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5cb17b802166269da90ff64b01728c6bcb2ecb614ebcbc3361550faf8fc83609.exe
.exe windows:5 windows x86 arch:x86

09fad65bab468ddd6d77fa7d048c7436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cafubimadovor49\gipa10 dilibofu\hakozahul.pdb

Imports

kernel32

GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
WriteFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
LoadLibraryExW
CopyFileW
AttachConsole
InitializeSListHead
CreateActCtxW
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
SetSystemPowerState
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableA
GetFileAttributesExW
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
WriteConsoleW
ReleaseActCtx
GetConsoleAliasA
LeaveCriticalSection
GetConsoleAliasesLengthA
ReadConsoleOutputW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

AdjustTokenPrivileges
BackupEventLogA

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5dc5d009a19088a3c39c66eb561c7444eaebf1b46ff2982ece0b4352ba769fa2.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DllMain
_Z12initCallbackv

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5deff97f9c65c88e7fc6b4ca0345c439a5530a3ce39aa88483f67a1bba4671c4.elf
.elf linux arm
6020642d043b8ed32fd22a6d60574088a02c5ba4d42dcf587aae0c595cef7e9f.elf
.elf linux mipsbe
61d7cfe36e940d9edb7cade3591d5ec21f268d7ac851ea4d1a162d97569828f4.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\seyelaxed virohidabeso16\zofehiyanosufo\podovufuriw.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
627cfbd869a572cbfd0e182e63af679b72ac7be3fdeb90343fc50bf8d524ef26.elf
.elf linux mipsbe
6313e26d09a268320fae5f91c8c9de899e367e15ef4ca65a11b07e435e93f0d5.elf
.elf linux ppc
641ddfbeb79686d53e97f99b043550cde7d19ef91c6e611f02ad80f33daaf4ad.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\comagagetepepu\cetukuku\66\yeb\kuhepemam.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 943KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6b01154004b3baac2cc7701d8319f4cc7a7ef361e02937989849ccdbd35b3e88.exe
.exe windows:5 windows x86 arch:x86

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\komux-fikikazir\20\yekewijo yawoged zocifiy_libayuzaji\h.pdb

Imports

kernel32

GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
GetConsoleAliasA
SetCommTimeouts
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
CreateActCtxW
CopyFileW
AttachConsole
ReleaseActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
GetUserDefaultLangID
LeaveCriticalSection
GetLongPathNameW
GetConsoleAliasesLengthA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6b207a13e8007625f863abc133019ea9aa84471767ef5c38dec8554061a5a7f6.elf
.elf linux arm
6e50f63e75dfdf0b0eab0fedd7481165d4606c7e42e7055ec999df78ac2bd95a.elf
.elf linux mipsbe
6eafa7c61e42d196916baffa8392658241fe214d13edefeeffde6aa0619e3507.exe
.exe windows:6 windows x86 arch:x86

eb5bc6ff6263b364dfbfb78bdb48ed59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
702b6e7833992bf77092b4358cf2fb3719ea4cd681074d3769cde3198303dafe.elf
.elf linux x86
710586205a09403fa73044e40d3c9bcb12bb2199b3f716f3cdd8977ea39ecaa0.elf
.elf linux mipsbe
73f33a97b90f57440293f4814895e0d2dd1294a8eb8a0aa202ee1cddab585e4b.elf
.elf linux arm
74bfc91ed6c4ae72b818ba36266e9854e6e3d9e75c2951308471b40917b24209.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\varala jofemu76_ca.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7d5a52529f559487fc8b8f960b9427fa75e71d33a7e88d682700ec095dd8158e.exe
.exe windows:5 windows x86 arch:x86

52c37101f2973085af5ed972e3b0d2d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wiculicupadipe\lorep\36-relulifiwec wicizezam.pdb

Imports

kernel32

InterlockedPopEntrySList
EnumDateFormatsW
LeaveCriticalSection
GetConsoleAliasesLengthA
CreateTapePartition
GetLongPathNameW
GetUserDefaultLangID
AddRefActCtx
GetCPInfoExA
WriteConsoleInputW
ReadConsoleInputW
GetTapeParameters
WaitCommEvent
GetNumaNodeProcessorMask
GetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
CreateMutexA
WriteConsoleW
GetLastError
CreateFileA
DeleteFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
IsDebuggerPresent
FindFirstVolumeW
WriteFile
BuildCommDCBW
FindActCtxSectionStringW
VerLanguageNameW
AreFileApisANSI
WriteProcessMemory
RequestWakeupLatency
PeekConsoleInputA
SetEvent
IsBadReadPtr
Sleep
WaitForSingleObject
LoadResource
GetCPInfo
FreeConsole
SetConsoleCtrlHandler
SetConsoleTitleW
GetCurrentConsoleFont
SetConsoleTextAttribute
AttachConsole
GetConsoleAliasesLengthW
ReadConsoleA
ReadConsoleOutputW
GetSystemWindowsDirectoryW
GetStringTypeW
BuildCommDCBAndTimeoutsW
HeapUnlock
HeapLock
GetAtomNameW
HeapReAlloc
HeapCompact
GetGeoInfoW
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
GetOEMCP
WaitForMultipleObjects
VerifyVersionInfoW
WriteConsoleOutputCharacterA
LocalAlloc
SetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableW
SetCalendarInfoA
GetComputerNameW
GetConsoleWindow
PostQueuedCompletionStatus
SetFileApisToOEM
GetStringTypeA
HeapSize
GetDiskFreeSpaceA
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetACP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
CloseHandle

Exports

Exports

@GetSecondVice@0

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7f43c61b82d39675f2d712b96d7239e6bdc6d8d0b433e5584d0b9880cbab1775.exe
.exe windows:5 windows x86 arch:x86

ce1fdab3df1e2c070cc03b5d515ae746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\pim\catinu.pdb

Imports

kernel32

SetFilePointer
lstrlenA
SetLocalTime
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
VirtualUnlock
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
SetConsoleTitleW
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
808be17d624056d6cc547b4749299a54bc0564744159c781a02848e2d6cdc6b8.elf
.elf linux arm
81deb49cdc03f2707c4182e7e3cc101c5f44e19bf91a69486296d8744fc263de.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\razerotoxoxu34\tesaxoy\hay-hurifik.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
82c9b001894bc2b76a9db0d8f95319baadad4d72d2ccccda16f8805b85e44bf9.elf
.elf linux x86
838edfe6cbf7b8fb1f0d3d99535f15ef22b651fa82a9f31a50c3cae435a0af0c.exe
.exe windows:5 windows x86 arch:x86

a06df199bc5c29ff1f7c13754059d5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cexududik41\b.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
83d832887ed1b0af95ca14e647463251f0c9660971fddb03d3959647d6faee4d.vbs
.vbs
8419ee75fff55fc9fe7da218feda6f56c05086053967ea09fc6a286f3eda910d.elf
.elf linux sh
844e92a106359b45d3c56e171a2706e6e7e19028e8b1310237b81b9429196ff5.elf
.elf linux x86
85d8cd417a894c7c1a719251b626f9e038410a009f6d2a1a6b820a64d6e6ed2d.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
88efccdbd18a8f217304c67114fba6c25e329e9da1fedbae6e10974980946a2c.exe
.exe windows:5 windows x86 arch:x86

4af0c4da1571e02aa1a31b1c0ae85007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xefuyibav\yadesiyugir 52-sanaxe\temopicafasoso\mocowex.pdb

Imports

kernel32

SetFilePointer
lstrlenA
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GetEnvironmentStrings
GlobalAlloc
LoadLibraryW
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
GetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCurrentDirectoryW
GetProcAddress
GetProcessHeaps
VerLanguageNameA
CreateNamedPipeA
SetStdHandle
SetComputerNameA
BuildCommDCBW
GetLocalTime
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
VirtualLock
WriteProfileStringA
SetConsoleTitleW
VirtualProtect
CompareStringA
GetFileAttributesExW
GetCPInfoExA
_lopen
FindAtomW
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
ReadConsoleOutputCharacterW
GetProfileSectionW
LCMapStringW
CopyFileExA
AreFileApisANSI
CommConfigDialogW
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

GetListBoxInfo
GetMenuInfo

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 430KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
89b9fae297db7b35a1749f0a6c6e322ab31ae7dfc8e877cd48ee9f0119fe94c2.exe
.exe windows:4 windows x86 arch:x86

a1a66d588dcf1394354ebf6ec400c223

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetParent
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetWindowTextLengthW
SetWindowPos
SetTimer
GetMessageW
CopyImage
KillTimer
CharUpperW
SendMessageW
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
EndDialog
ReleaseDC
GetWindowDC
GetMenu
GetWindowLongW
GetClassNameA
wsprintfA
DispatchMessageW
SetWindowTextW
GetSysColor
DestroyWindow
MessageBoxA
GetKeyState
IsWindow
GetDlgItem
GetClientRect
GetSystemMetrics
SetWindowLongW
UnhookWindowsHookEx
SetFocus
SystemParametersInfoW
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
GetWindowTextW
GetWindowRect

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

SetFileTime
SetEndOfFile
GetFileInformationByHandle
VirtualFree
GetModuleHandleA
WaitForMultipleObjects
VirtualAlloc
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetModuleHandleW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
GetDiskFreeSpaceExW
SetLastError
GetTickCount
lstrlenW
ExitProcess
lstrcatW
GetProcAddress
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetStartupInfoA

msvcrt

_purecall
??2@YAPAXI@Z
_wtol
memset
memmove
memcpy
_wcsnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
realloc
free
wcsstr
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strncmp
wcsncmp
wcsncpy
strncpy
??3@YAXPAX@Z

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8d811dcc22cca98be121dd210d0c3bc3bd4df0705163d6a4f666cc5e0e18ce48.gz
.rar
8f75fa05aebed182cf2bf13cfe8b26720a76d1328fcfeb6eb2b25d65d0f3f6a2.js
.js
920c41d8452f38863c3aef0d289b63c5919ba1ad30d58e31382d797f1d4bbe9a.exe
.exe windows:5 windows x86 arch:x86

e65b83417738f666152fabcdb3753ddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fugagoj62 zisetuxowixog\rivoromipe\47.pdb

Imports

kernel32

GetConsoleAliasA
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeW
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
IsDebuggerPresent
FindFirstVolumeA
WriteFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
LoadLibraryExW
CopyFileW
AttachConsole
ReleaseActCtx
CreateActCtxW
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
SetSystemPowerState
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableA
GetFileAttributesExW
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
WriteConsoleW
GetConsoleAliasesLengthA
HeapValidate
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoW
RealChildWindowFromPoint

advapi32

AdjustTokenPrivileges
BackupEventLogA

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
93ae6d3b1e231afb256b1e0998e02fedfb057483be190c0f4f2fc093160f032e.elf
.elf linux x86
9419f9fe29e0bc64bc666521f777f4a4824d6f201052b80722cb18c23e4339ac.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 500KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9541a8a475645e016ef6a900070e1c5f9044a1d025fdab2769df27adfaed5b26.elf
.elf linux arm
9610051a347d56ae5d91e3a3c471a2d90b5a4e02b2aa714f931d4cbe164eb42c.exe
.exe windows:5 windows x86 arch:x86

4af0c4da1571e02aa1a31b1c0ae85007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\nif-vamojuwaraki-53\muti50\roxeruz\rad.pdb

Imports

kernel32

SetFilePointer
lstrlenA
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GetEnvironmentStrings
GlobalAlloc
LoadLibraryW
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
GetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCurrentDirectoryW
GetProcAddress
GetProcessHeaps
VerLanguageNameA
CreateNamedPipeA
SetStdHandle
SetComputerNameA
BuildCommDCBW
GetLocalTime
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
VirtualLock
WriteProfileStringA
SetConsoleTitleW
VirtualProtect
CompareStringA
GetFileAttributesExW
GetCPInfoExA
_lopen
FindAtomW
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
ReadConsoleOutputCharacterW
GetProfileSectionW
LCMapStringW
CopyFileExA
AreFileApisANSI
CommConfigDialogW
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

GetListBoxInfo
GetMenuInfo

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 946KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9a319a59a74ea745259643aa20057803be6a52de1f86d20261987ffceede9c6f.gz
.rar
9ab3fd9a10978aa74e17f836865f7b97d9db2f755d22e96b851767cdf810a978.exe
.exe windows:5 windows x86 arch:x86

ce1fdab3df1e2c070cc03b5d515ae746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ximucef38\tebe\gasasareteworu cusita.pdb

Imports

kernel32

SetFilePointer
lstrlenA
SetLocalTime
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
VirtualUnlock
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
SetConsoleTitleW
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9ada0fc3f48bb867143b8c2b358420dda4bdaa946a52a8b8b8b9cad008ab6293.exe
.exe windows:5 windows x86 arch:x86

77ea83f3db2bce57a4cf8f786a999acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\luzojuxubin\j.pdb

Imports

kernel32

GetConsoleAliasA
InterlockedPopEntrySList
SetConsoleCP
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeW
CreateMutexW
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryA
IsDebuggerPresent
FindFirstVolumeA
WriteFile
BuildCommDCBA
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ReleaseActCtx
AddRefActCtx
CreateActCtxW
HeapAlloc
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
SetSystemPowerState
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExW
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
SetFileApisToANSI
GetDiskFreeSpaceW
CreateFileA
GetConsoleAliasesLengthA
HeapLock
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoW
RealChildWindowFromPoint

advapi32

AdjustTokenPrivileges
BackupEventLogA

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9b00972991e19436c8af32f2c15fe2d2ff92ef4c4687bba4d229c6c5086d7be2.exe
.exe windows:5 windows x86 arch:x86

e08a2aae7cff0b5149ba174a3d48f743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sotevitox\yeximob30\xihavawalufo\sey.pdb

Imports

kernel32

GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
LoadLibraryExW
CopyFileW
AttachConsole
InitializeSListHead
CreateActCtxW
GetSystemWindowsDirectoryA
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
ReleaseActCtx
GetConsoleAliasA
GetConsoleAliasesLengthA
LeaveCriticalSection
ReadConsoleOutputW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9b4fae2c14959e9b7c1f313e4419b57c079d4f17a78e770715e4941d0c40d50b.elf
.elf linux mipsbe
9daaf00b40e848eaebeb6df515f681bc9c70bea01c52df3ecd69910c2d3be66d.exe
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-05-2019 00:00

Not After

11-05-2022 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:b4:fe:12:be:ef:f3:35:e9:50:06:66:21:e8:39:1c:bc:92:c9:7e
Signer

Actual PE Digest

37:b4:fe:12:be:ef:f3:35:e9:50:06:66:21:e8:39:1c:bc:92:c9:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a07d69dd026a965b082fd72600f691e6081d3b4132641987330424246d808b4c.exe
.exe windows:5 windows x86 arch:x86

7bb9d345a5fec4fbbf5100d6a3ffbb8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
CreateFileA
GetFileSize
WriteFile
ReadFile
MultiByteToWideChar
CloseHandle
GetFullPathNameW
FindFirstFileExW
FindClose
FindNextFileW
LocalAlloc
GetVersionExA
LocalFree
Sleep
GlobalMemoryStatus
GetFileAttributesA
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
FileTimeToSystemTime
GetLocalTime
CreateFileMappingA
GetFileInformationByHandle
WriteConsoleW
SetEndOfFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
FileTimeToLocalFileTime
GetLastError
FindFirstFileExA
FindNextFileA
EncodePointer
DecodePointer
HeapFree
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
HeapSize
ExitProcess
HeapCreate
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
DeleteCriticalSection
SetEnvironmentVariableW
SetEnvironmentVariableA
GetTimeZoneInformation
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeW
HeapReAlloc
LoadLibraryW
CompareStringW
CreateFileW

user32

GetDesktopWindow

netapi32

NetWkstaGetInfo
NetApiBufferFree
DsRoleGetPrimaryDomainInformation

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a085fcfc2e637396e62d4f2a9e9f6b8bc0b00bd63296332616d3b0021e61d8dc.elf
.elf linux x86
a43ddf11c6e1980bb5f93edeb96d3a1ceb97aed1277f4ac8bb8101b9d87acd3e.doc
.doc windows office2003
a4d1aae1df52a407865b42982ba50ff824c1fcbb63d785297bace71c70f70c5a.elf
.elf linux sh
a651672f98fba458ca8b6861557119c81d12afcb705c457d65dd2b44dcc499fe.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a6d3f74228ee18a19579010cd5fe3cc98f2c53dc43452325ba57a69f1253d7a5.exe
.exe windows:5 windows x86 arch:x86

4cfda23baf1e2e983ddfeca47a5c755a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:6e:cc:08:f8:e4:a6:ed:0c:bf:74:a9:7d:81:30:d0:21:e3:e0:e5
Signer

Actual PE Digest

db:6e:cc:08:f8:e4:a6:ed:0c:bf:74:a9:7d:81:30:d0:21:e3:e0:e5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
SetFileTime
SetFileAttributesW
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetFileAttributesW
FlushFileBuffers
ReadFile
GetFileType
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GlobalAlloc
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
GetCPInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHGetFileInfoW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a70f3046274661ba28e94997fed32284a261f8725a9cd15d423362ddeccaf6bf.exe
.exe windows:5 windows x86 arch:x86

4af0c4da1571e02aa1a31b1c0ae85007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xefuyibav\yadesiyugir 52-sanaxe\temopicafasoso\mocowex.pdb

Imports

kernel32

SetFilePointer
lstrlenA
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GetEnvironmentStrings
GlobalAlloc
LoadLibraryW
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
GetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCurrentDirectoryW
GetProcAddress
GetProcessHeaps
VerLanguageNameA
CreateNamedPipeA
SetStdHandle
SetComputerNameA
BuildCommDCBW
GetLocalTime
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
VirtualLock
WriteProfileStringA
SetConsoleTitleW
VirtualProtect
CompareStringA
GetFileAttributesExW
GetCPInfoExA
_lopen
FindAtomW
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
ReadConsoleOutputCharacterW
GetProfileSectionW
LCMapStringW
CopyFileExA
AreFileApisANSI
CommConfigDialogW
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

GetListBoxInfo
GetMenuInfo

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 430KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a714b384ead6691104349c6ec14a430ec82d94f170da468f7eb9b59acb4f09c6.exe
.exe windows:5 windows x86 arch:x86

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dajilezunabaf_wukivoribewubi.pdb

Imports

kernel32

GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
GetConsoleAliasA
SetCommTimeouts
InitializeSListHead
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
CreateActCtxW
CopyFileW
AttachConsole
ReleaseActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
GetUserDefaultLangID
LeaveCriticalSection
GetLongPathNameW
GetConsoleAliasesLengthA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a86b77117d5c98ae771f7f1b0e2521010dae92cea62c1756d0b00e8b44448b50.elf
.elf linux arm
aa10d97eda5629a76ab2643d9690afaff0c9460ccadc75bd503b6e89e2e3a370.elf
.elf linux sh
ab6d5e58e5ab6cf751c41021f949486b4b38ebf457fb8354e964fa4a277eb468.zip
.zip
ace3a5e5849c1c00760dfe67add397775f5946333357f5f8dee25cd4363e36b6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
af79bd1c65e032b869d62bbd402d515192f598509f910adfd1185eed5e404a86.elf
.elf linux arm
b0b5a1e0d759397eae6eace41057968789f68dec3bc664ade19fe29bf4780daf.elf
.elf linux sparc
b29e84d6c13eb21da66cd7c7fec21213fbc19b5b19de3f599ead84787a237e38.elf
.elf linux x64
b2b0343499d42e21f26cde2890940fded566e5558966e88fd088091de9367cc2.elf
.elf linux x86
b30c723982534b09ac7736e33151c7093403b96e8cbc0c9aa58bd7cfcb6a7e32.exe
.exe windows:5 windows x86 arch:x86

f072aaf7476b5a5a056c892b505526e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tiholumitaga\yocu\suyazori.pdb

Imports

kernel32

SetFilePointer
lstrlenA
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
VerLanguageNameA
CreateNamedPipeA
SetStdHandle
SetComputerNameA
BuildCommDCBW
GetLocalTime
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
VirtualLock
SetConsoleWindowInfo
FindAtomA
WriteProfileStringA
SetConsoleTitleW
VirtualProtect
CompareStringA
GetFileAttributesExW
GetCPInfoExA
_lopen
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b5dd380d36de73ac0818b2f8c6ea98a93c961f7552c83be8285b887dc7cf52fc.elf
.elf linux mipsbe
b654cc7509e9ae72e91b1481a3517558f2abd29395b422451a8c384ef968dbc5.exe
.exe windows:5 windows x86 arch:x86

f1287ea8340d83d7c6e292a6b7d8dbf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\herayetogata\pon-winiwoza-zavafovi\wojuboba\wajumo22\to.pdb

Imports

kernel32

LeaveCriticalSection
CreateTapePartition
GetLongPathNameA
GetUserDefaultLangID
AddRefActCtx
GetCPInfoExW
WriteConsoleInputA
ReadConsoleInputW
GetConsoleAliasW
SetCommTimeouts
SetConsoleCP
VerifyVersionInfoA
WaitNamedPipeA
CreateMutexA
WriteConsoleW
GetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionA
EnumDateFormatsExA
SetStdHandle
LoadLibraryA
IsDebuggerPresent
FindFirstVolumeW
ReadFile
BuildCommDCBW
FindActCtxSectionStringA
VerLanguageNameW
SetFileApisToANSI
WriteProcessMemory
RequestWakeupLatency
ResetEvent
Sleep
EndUpdateResourceW
GetCPInfo
SetConsoleCtrlHandler
EnumDateFormatsA
GenerateConsoleCtrlEvent
GetCurrentConsoleFont
AttachConsole
GetConsoleAliasesLengthW
ReadConsoleA
ZombifyActCtx
ReadConsoleOutputW
GetSystemWindowsDirectoryA
GetStringTypeW
BuildCommDCBAndTimeoutsA
HeapAlloc
HeapLock
GetAtomNameW
HeapReAlloc
HeapCompact
GetGeoInfoA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetACP
ReleaseMutex
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterA
LocalAlloc
GetMailslotInfo
SetEnvironmentVariableW
GetFileAttributesExW
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
PostQueuedCompletionStatus
AreFileApisANSI
GetStringTypeA
GetDiskFreeSpaceW
SetConsoleTitleA
InitializeSListHead
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RtlUnwind
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetOEMCP
IsValidCodePage
GetLocaleInfoA
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle

advapi32

AdjustTokenGroups

Exports

Exports

@GetSecondVice@0

Sections

.text
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b7352a1e60eb4204feeccd07b867ffc94296146cdd8c871206de42fdbb81e393.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b88dcf779ad54625de99c6473a1df0966da6d3da8e920597690ad4bec625d6dc.elf
.elf linux ppc
b910714d4bc0f2904265be74510d7da3f66cbd4325a8b41b8cdd80a2b980bd2b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ba0090b2e78627ff5aaa8f5f1b810e0696eab425b9524417ba4c7ce978e463a5.elf
.elf linux arm
baba48d8d23c09f8210d510278bf8e024d83b06b8a7748c1dbf70d274623bb29.elf
.elf linux mipsel
bc10525a0911ba2c9c472e9d7130242e9f4c2c97bb0fce53bc4b97e42f8a2b36.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bccfcb80e393fc9877425baa919e81e57fa7a4f1ef46262c883874204a695e04.elf
.elf linux arm
bd62e723aff056a5f6dd9b9ece4f5ea4bae0a50cc3bdd5f4228fb265c2a96170.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\project\WindowsApp1\WindowsApp1\obj\Debug\koleno.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bddcc72610c1fc1bf5b6f19e57687c8af6fac1eb1eb7891dfd332772532f0006.elf
.elf linux ppc
be82b75480e948a1b76416478295e255a572f65d0482695e9b93bb5d2e4de66d.elf
.elf linux ppc
bf53b4b404f09c51fc30b4e683f5258b8172e0698ec61837da1e88a9704b37e8.exe
.exe windows:5 windows x86 arch:x86

e08a2aae7cff0b5149ba174a3d48f743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lefuyuyifunofi\zubukugifupogi50-xepogepus_koweze.pdb

Imports

kernel32

GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoW
WaitNamedPipeA
CreateMutexW
WriteConsoleA
SetLastError
CreateFileA
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryW
RequestDeviceWakeup
FindFirstVolumeA
ReadFile
BuildCommDCBA
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceW
SetConsoleTitleW
SetFilePointer
LoadLibraryExW
CopyFileW
AttachConsole
InitializeSListHead
CreateActCtxW
GetSystemWindowsDirectoryA
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapValidate
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
GetSystemPowerStatus
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExW
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogA
GetConsoleWindow
GetDiskFreeSpaceW
CloseHandle
ReleaseActCtx
GetConsoleAliasA
GetConsoleAliasesLengthA
LeaveCriticalSection
ReadConsoleOutputW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

GetAltTabInfoA

gdi32

GetCharWidth32A

advapi32

BackupEventLogA
AdjustTokenPrivileges

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c203f54c9cb5f39279de31e42b4ecf80fea8005d77c03ff20b1cd7cccd0c0620.exe
.exe windows:5 windows x86 arch:x86

a06df199bc5c29ff1f7c13754059d5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\pola_87 dodebamamewej keyax\fozapumu.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 992KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c3ffdf4610bd08751b16fd31959ab8b1b2ba312a80e556a15ecdb22b9332c20e.exe
.exe windows:5 windows x86 arch:x86

8d4160993b7ac4c605aacc770ec7a5c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dehub3_fit\nehex\nutayifaji vexufepopit_hapuzuy18 sicagica.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
CreateMutexA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBA
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
CreateActCtxW
DnsHostnameToComputerNameA
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
WriteConsoleW
GetConsoleAliasesLengthA
HeapLock
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoA
RealChildWindowFromPoint

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c4dc54b87dcead104d9985ab5dc7f09225c658e0680c20aa48b57b87355935f2.elf
.elf linux arm
c56e1cf879977d12e64024cfefded1eed7331c6545ac2bb29e7d56bcd55bf1bc.elf
.elf linux mipsel
c7ca76b5a68d28fa3a58546158bd58f0dccd4cc1e0da08ddbb6ac3b51c92aa99.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c8edb54c03af6e046a59b80ae9c958269e4d30eecbb765da08454daf9c11f308.elf
.elf linux mipsbe
c9459ace7e2f1d2e5a8a2afb4c3b6ab8cc88a0c2ca0d9781c045cc86ef36e6c8.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yilu.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c9e444cefaeb799523c48bcc35b9ea8cb36474bd86b0c5af152191ffba754c4e.elf
.elf linux x86
ca479784999f97003acbf7068af8492747bfbf49da6092ff5e279b529fd85d9c.elf
.elf linux mipsbe
cbf2b2eb00bc4a26013a386c1b00264b62c14de3c7ab42fda6565c460ad65c86.exe
.exe windows:5 windows x86 arch:x86

d09a478840961ad890ac4dc4d59be69d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\petesama_yise\wipuke\13\yasaxo.pdb

Imports

kernel32

GetConsoleAliasA
InterlockedPopEntrySList
SetConsoleCP
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
CreateMutexA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExW
SetStdHandle
LoadLibraryA
IsDebuggerPresent
FindFirstVolumeA
WriteFile
BuildCommDCBA
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
ResetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ReleaseActCtx
AddRefActCtx
CreateActCtxW
HeapAlloc
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
FlushViewOfFile
GetAtomNameA
GlobalSize
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
GetOEMCP
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
CreateFileA
GetConsoleAliasesLengthA
HeapLock
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetLastError
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoW

advapi32

AdjustTokenPrivileges
BackupEventLogA

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cd19984ad0bb7e6ceaafcde2e150a0754091ed19ae357db28803b653610b40f4.elf
.elf linux arm
cee813b1e3d30319a08c65602fc350b8d088e07db5b959e29f1584962052f5cf.elf
.elf linux arm
cf1b60af0b79e5fbadeac880b93e4fcd1633fa8b8fbf45a1bf5341ded8740f2e.elf
.elf linux arm
d3467bceb27c8533c1a904b34437aa2fd03963be8085f668a961b113feb75c5c.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d4036c235fca73a67732d884564991184b7a8ea148784f0cd70fa07adbd8e160.exe
.exe windows:5 windows x86 arch:x86

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cazudam86-lakikosez\zusaboda.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
CreateNamedPipeW
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
SetCalendarInfoA
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
FindActCtxSectionStringW
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 501KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d520edc59c5aee94806782d012efa7e0f905e90ce4e177f14cd612e7b8bb17ba.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yigewinepihig\susazuv\zojefux\gizuhoponagen\gediyome35 fi.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 501KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d646e2a0fb1e9d4650ac91ed68b8d9170a089305f280a7928b12ca1c9c425189.elf
.elf linux arm
d75243f3a864399bf3f3d35999e0e8d26225233e9d1ef6219ae8cf6f817bae22.elf
.elf linux mipsbe
d8b42431b63037e8b1a15670af84ec3c3f03fe1e397425d410b82a1a35c388a9.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d8e97b327ea157afd377759204ca29d44475f50030e1321fa6ca4b05d9c4aed0.exe
.exe windows:5 windows x86 arch:x86

8d4160993b7ac4c605aacc770ec7a5c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\juxisemiv6\sefehoy-foyifu\gew36\tadimoviyoruz\wosal\1.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
CreateMutexA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBA
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
CreateActCtxW
DnsHostnameToComputerNameA
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
WriteConsoleW
GetConsoleAliasesLengthA
HeapLock
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoA
RealChildWindowFromPoint

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d8f8eb080fc088cfe84b0e92fabddaea1f82957fd499504d6582d0220ee0b960.elf
.elf linux mipsel
d8ff9678e79ef65841256baae1bbbccea2ded7d6cb186e2abc2eb87ab0a867e4.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
da1f02cb01833b08e689e3fce11644113e08e92894030f4e5adba928be324765.elf
.elf linux sh
db1b04ed7776bef94dbd281789c49ec4830354006f491eeb0e4c8690d7f8e5f9.elf
.elf linux mipsbe
dd631fc6635483d84cbd3836d4815e2f06107cbe18b16134dd9fca7ea9a4872d.exe
.exe windows:5 windows x86 arch:x86

6c734257ddf94eda6ae0d5d1c88d7157

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\botodezudu\41 nodojofuluwu_fohoj39\tokafi\9.pdb

Imports

kernel32

AddRefActCtx
GetCPInfoExA
WriteConsoleInputA
ReadConsoleInputW
SetTapeParameters
WaitCommEvent
WriteTapemark
SetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
GetConsoleAliasesW
WriteConsoleW
GetLastError
CreateFileA
DeleteFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
InitializeCriticalSectionAndSpinCount
RequestDeviceWakeup
LoadLibraryA
IsDebuggerPresent
GetLongPathNameW
ReadFile
WriteFile
GetProfileSectionA
BuildCommDCBA
FindActCtxSectionStringW
SetEndOfFile
SetFileShortNameW
WriteProcessMemory
GetFileAttributesW
GetSystemDefaultLCID
PulseEvent
SleepEx
WaitForSingleObject
WaitForMultipleObjects
SetConsoleTextAttribute
AllocConsole
SetConsoleCtrlHandler
SetConsoleTitleA
GenerateConsoleCtrlEvent
GetCurrentConsoleFont
SetConsoleWindowInfo
AttachConsole
GetConsoleAliasesLengthW
ReadConsoleA
GetProcessHeap
BuildCommDCBAndTimeoutsA
GetGeoInfoA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CreateThread
GetProcessHeaps
GetACP
VerifyVersionInfoW
FindAtomA
SetFileApisToOEM
OpenWaitableTimerW
HeapValidate
GetDiskFreeSpaceA
GetTapePosition
EnumDateFormatsW
SetEvent
InterlockedPopEntrySList
GetCommandLineA
GetStartupInfoA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
MultiByteToWideChar
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP

user32

GetAltTabInfoW

advapi32

AdjustTokenPrivileges
MapGenericMask
AreAnyAccessesGranted
AdjustTokenGroups

Exports

Exports

@GetFirstVice@0
@GetVice@0

Sections

.text
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
deb6d3e8bceb7bbcadcf01a2d3dac675d1a321b88e6cbca173e890160e30187f.elf
.elf linux
ded87ba0973371f6aaefd8a9a8750f7be1bacf816f23e08c43e99bd06daf3006.elf
.elf linux sparc
dfde67b89fe803eba2900ed2d6e4721d4e1cffb5462fc0a9e261b22ad0e38fee.elf
.elf linux sh
e0232585400a3d5eac7dfc96e8244f298ea9a09a6f9dab32c57276236600b728.elf
.elf linux arm
e1130b856161680a39ebf5d759bd25663b598e69b6ef68721933958ac644a496.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e40736bc19f0008189f281f42cdfddf5bcf6a8c70a89e7bccd0aa0eb797edd22.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e586b22c2de9903ebb7d5d5b6944bbb39a7f1bc52f73c928b8f6d777f78ad9be.elf
.elf linux mipsbe
e7a3f0f20b4f8e7d944f067989389d8d7fceea57ae81f89a059116f64c66d5f4.elf
.elf linux mipsbe
e8cb78d559909b23edb3a7f7c62cc9028444cc932773a873ab3f10be4f3449a5.exe
.exe windows:5 windows x86 arch:x86

8d4160993b7ac4c605aacc770ec7a5c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\raru_nozubara\jadewo.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WaitNamedPipeW
CreateMutexA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBA
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
CreateActCtxW
DnsHostnameToComputerNameA
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoA
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExA
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
WriteConsoleW
GetConsoleAliasesLengthA
HeapLock
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP

user32

GetAltTabInfoA
RealChildWindowFromPoint

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ef1eceb9e2de5b7bf7b666f8b575e931a76079e76198e91a539af4f789a39b3b.exe
.exe windows:5 windows x86 arch:x86

a06df199bc5c29ff1f7c13754059d5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\janesil\lez.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetSystemPowerState
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
efcb3bdfc24f6c61b31aea1b68305f73a77750eecd4186e97614dfc5f80aae71.exe
.exe windows:5 windows x86 arch:x86

df9f8478a5324ab8dd6d2dd50515fa50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xifo\lasokovuhuf\41\gigof\tawasewew\rola\valaluv\lunetow\me.pdb

Imports

kernel32

GetFileSize
GlobalDeleteAtom
SetFilePointer
lstrlenA
CopyFileExW
SetLocalTime
CommConfigDialogA
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GlobalLock
GetComputerNameW
CreateDirectoryExA
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
FindActCtxSectionStringA
TlsSetValue
GlobalAlloc
GetSystemDirectoryW
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
GlobalFlags
GetBinaryTypeA
GetAtomNameW
ReadFile
ExitThread
SetConsoleTitleA
VirtualUnlock
DeactivateActCtx
GetNamedPipeHandleStateW
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
GetComputerNameExW
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetCalendarInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
Process32NextW
QueryMemoryResourceNotification
WriteProfileStringW
BuildCommDCBA
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
DeleteFileA
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f5be0ec35ef75583d71757fee81cff2d190b06fcf5dcd3683ebc2959472556db.exe
.exe windows:5 windows x86 arch:x86

7674305f35b9aa8841472231e8903dc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bumosufiwobos\cuwi muhuxefok\zarawago_heb\vojid57_nibuw.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetConsoleCursorInfo
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f5f1dc923fc712513c3482a07e257e9d1053c8edfdd3bc401140cf9b3fa4e2ba.elf
.elf linux arm
f75808a40086a6ad6b1ac55566c551238812d5d03820c5b989e91a2d8d2bef48.elf
.elf linux mipsel
f783fddd213ea27df398d887e7dadecc3ff7a60f4dff68254581a1d2c02a8291.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f7c566ca7413a1259a7bcc120bc431a5ad129438b1e8b9b51c398d5eecfc51a5.exe
.exe windows:5 windows x86 arch:x86

7674305f35b9aa8841472231e8903dc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\payeyivopotij\dotuxecumetu\lujexaxihe62\tebirelahe94 sodixefo.pdb

Imports

kernel32

GetConsoleAliasW
InterlockedPopEntrySList
GetConsoleDisplayMode
CreateConsoleScreenBuffer
GetConsoleCP
VerifyVersionInfoA
WriteConsoleA
SetLastError
CreateFileW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
EnumDateFormatsExA
GetCurrentProcessId
LoadLibraryA
IsDebuggerPresent
SetConsoleCP
FindFirstVolumeW
WriteFile
BuildCommDCBW
VerLanguageNameA
AreFileApisANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceW
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
SetFilePointer
LoadLibraryExA
CopyFileW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
CreateActCtxW
ReadConsoleOutputA
GetProcessHeaps
GetSystemWindowsDirectoryW
GetUserDefaultLCID
BuildCommDCBAndTimeoutsA
HeapAlloc
UnmapViewOfFile
GetAtomNameA
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
SetProcessAffinityMask
WaitForSingleObject
SetConsoleCursorInfo
VerifyVersionInfoW
WriteConsoleOutputCharacterW
SetTimeZoneInformation
GetMailslotInfo
GetCPInfoExA
SetEnvironmentVariableA
GetFileAttributesExA
GetComputerNameW
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
CreateFileA
GetConsoleAliasesLengthA
DnsHostnameToComputerNameA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
GetConsoleMode
FlushFileBuffers
CloseHandle
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint
GetAltTabInfoA

advapi32

AdjustTokenGroups
BackupEventLogA

Sections

.text
Size: 976KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f7f418ce65c52970ffe49eed65154513242ff3c6a574e6797fb0cbb8984596c1.elf
.elf linux mipsel
fb53c4089e19cca8c8b8602ef0ae9c9614f3428b31cc7db4486a533d84195f84.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

f2:1d:9b:00:c8:fd:2c:b6
Certificate

Issuer

CN=GridUnitType

Not Before

22-07-2021 10:00

Not After

23-07-2022 07:00

Subject

CN=GridUnitType

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f2:1d:9b:00:c8:fd:2c:b6
Certificate

Issuer

CN=GridUnitType

Not Before

22-07-2021 10:00

Not After

23-07-2022 07:00

Subject

CN=GridUnitType

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:1e:1d:9b:b6:9a:16:fc:6f:d7:b8:19:92:20:c9:46:85:6b:db:78:ee:d6:9d:53:00:7b:85:17:d8:02:50:92
Signer

Actual PE Digest

c2:1e:1d:9b:b6:9a:16:fc:6f:d7:b8:19:92:20:c9:46:85:6b:db:78:ee:d6:9d:53:00:7b:85:17:d8:02:50:92

Digest Algorithm

sha256

PE Digest Matches

true

e5:a5:df:2a:96:20:71:b3:07:95:f0:b6:42:db:13:d5:a7:dc:c1:86
Signer

Actual PE Digest

e5:a5:df:2a:96:20:71:b3:07:95:f0:b6:42:db:13:d5:a7:dc:c1:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd95b0eb1d2a5650592de694cda956d9dcf0b1c3312fcb3273571f858762ae15.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 958KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdab0d14b8ed077af72b54dc7b78f1f458b7fe1d57758d8ed64a26a0d74eff64.exe
.exe windows:5 windows x86 arch:x86

ce1fdab3df1e2c070cc03b5d515ae746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tubituxuyaci\mowatava76-fecuwut\j.pdb

Imports

kernel32

SetFilePointer
lstrlenA
SetLocalTime
FindResourceExW
MapUserPhysicalPages
FreeLibrary
InterlockedIncrement
GetCommState
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
GlobalLock
GetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetConsoleAliasExesW
WriteFile
TlsSetValue
GlobalAlloc
VirtualFreeEx
LoadLibraryW
GetConsoleMode
_hread
GetCalendarInfoA
GetSystemWow64DirectoryW
SetSystemTimeAdjustment
InitAtomTable
GlobalFlags
GetComputerNameExA
GetBinaryTypeA
GetAtomNameW
ReadFile
GetSystemDirectoryA
GetBinaryTypeW
ExitThread
VirtualUnlock
DeactivateActCtx
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
GetProcessHeaps
CreateNamedPipeA
SetStdHandle
SetComputerNameA
VerLanguageNameW
BuildCommDCBW
LoadLibraryA
Process32FirstW
CreateSemaphoreW
SetConsoleCtrlHandler
SetCurrentDirectoryW
WriteProfileSectionW
SetConsoleWindowInfo
FindAtomA
SetConsoleTitleW
QueryMemoryResourceNotification
WriteProfileStringW
VirtualProtect
CompareStringA
GetFileAttributesExW
_lopen
TlsAlloc
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
LCMapStringW
CopyFileExA
CommConfigDialogW
GetLastError
WideCharToMultiByte
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
GetCurrentThreadId
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA
GetModuleHandleA

user32

GetMenuInfo
GetListBoxInfo

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fecaade5e7735df84893e7a07e8eecb38298e250379e76cb5c12fb559a64261e.elf
.elf linux arm
ff5e0851fbdedf593a4d10347ce08b9c68ffc262078952a69e578d557aa5a1fc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

c53e08bb6beec713632928ff71fb4e4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 378KB - Virtual size: 378KB

.data Size: 19KB - Virtual size: 4.4MB

.rsrc Size: 93KB - Virtual size: 93KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 990KB - Virtual size: 989KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 698KB - Virtual size: 698KB

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 512B - Virtual size: 12B

f072aaf7476b5a5a056c892b505526e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 139KB - Virtual size: 233KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 16KB - Virtual size: 15KB

67ca1c6568db666b55dba090aa9df715

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 378KB - Virtual size: 378KB

.data
Size: 19KB - Virtual size: 4.4MB

.rsrc
Size: 93KB - Virtual size: 93KB

.text
Size: 990KB - Virtual size: 989KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 698KB - Virtual size: 698KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 139KB - Virtual size: 233KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 139KB - Virtual size: 234KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 232B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 189KB - Virtual size: 189KB

.data
Size: 19KB - Virtual size: 4.4MB

.rsrc
Size: 93KB - Virtual size: 93KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 141KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 512B - Virtual size: 12B