909aaea4a3072305c0bcaab9d7b9cab70990305541db276ab8d870e3fbc51a18

Sharing

Copy URL

Twitter E-mail

General

Target

909aaea4a3072305c0bcaab9d7b9cab70990305541db276ab8d870e3fbc51a18
Size

33.0MB
MD5

e7c4552ea9e58373f3b1dd76236c0817
SHA1

31269b693b8bb5ece8453ce53390d9fddda455ce
SHA256

909aaea4a3072305c0bcaab9d7b9cab70990305541db276ab8d870e3fbc51a18
SHA512

245dd8d99f9aee193e4323b46cd88ee199b9629a6803f472ef783d63cdd865f3005c5fc69d397d5f3bfe8442be3a89af127a1076034e95f53148260fea641dcc
SSDEEP

786432:W1IA9R2OjsC0K4hXdp6oOi6U3SIJvdt4DUbcSIJvdt4A4HRXIQt74t59nC1y57Iz:qF91sC0K4NVhouMohobC1GJFs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/OvVYhhgvd6ZhUony5cRMqVoB.exe	themida
static1/unpack001/QKvpJeDIaPtXDcwKwH_WmAYY.exe	themida
static1/unpack001/Wp77te7DqjxTjTIGMDSB0RHr.exe	themida
static1/unpack001/XOCYAkm_NnnfPmgVDNgu9MQ3.exe	themida
static1/unpack001/Xr9ca9oQNQWbUwEgChRmX6Z9.exe	themida
static1/unpack001/q_TzaanAkp60Doa2Vt025l91.exe	themida

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mr4X5srRQR20TfuVZShfsrAN.exe
unpack001/OEmxRS9UaiMPqIKXPz6Ef8jI.exe
unpack001/QxZsdXOO8Xn2bW7iW8ff3gjN.exe
unpack001/SHSPDO6BYDV7xlwsZDJxsLj9.exe
unpack001/SqCuVl85T1P8OuH3gpVMKnDi.exe
unpack001/T8Ulrjj8F65YXJ2qZEm11v_x.exe
unpack001/Uwc7l02HzjEVLDdBFF3ZKItU.exe
unpack001/VoTrXaqIJ3vc2GnUIU6Wi5LW.exe
unpack001/Xd_XnNqsZTJJf8dCq4s_mlAi.exe
unpack001/XukfUfK8HAbjc5wMknHwOhFI.exe
unpack001/YPTXDeqMC118ip3zHbyxwlns.exe
unpack001/ma_5nZD3yos0uV8jzHnJSVxT.exe
unpack001/pnDF_dk604_fxVsUaLPL1Vfi.exe
unpack001/rgVakr0EruC2FtauFmrgXkxw.exe
unpack001/t1fkwFYUEZVXvf_7oFFpVnr4.exe
unpack001/tC6gdsFTgl9CBMrK_2QhZX3x.exe
unpack001/uMWmES83oduRUCtOU5jzfQkJ.exe
unpack001/wTzxLyAQL7H5FI0GIaor5FbA.exe
unpack001/xiGD01oEkhh5s50F0Mw8lPVJ.exe

Files

909aaea4a3072305c0bcaab9d7b9cab70990305541db276ab8d870e3fbc51a18
.rar
Mr4X5srRQR20TfuVZShfsrAN.exe
.exe windows:5 windows x86 arch:x86

ad1c5bf15a899fcfef408e3485448e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\siwuzux-deliwacecojig18\pihukirazab_yudavatu\vutumewu.pdb

Imports

kernel32

SetFilePointer
lstrlenA
GetDriveTypeW
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
CompareFileTime
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
WaitForSingleObject
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
WaitNamedPipeW
WriteFile
SetCommState
GetCommandLineA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
CopyFileW
GetVersionExW
SetConsoleMode
IsProcessorFeaturePresent
GetBinaryTypeA
GetOverlappedResult
CompareStringW
SetThreadContext
GlobalUnlock
VerifyVersionInfoW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
GetCPInfoExW
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
WriteProfileSectionA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
FindAtomA
Process32NextW
WriteProfileStringA
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetSystemTime
LCMapStringW
CopyFileExA
DeleteFileA
GetStartupInfoW
UnregisterWait
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

gdi32

GetCharWidthW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 31.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OEmxRS9UaiMPqIKXPz6Ef8jI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OvVYhhgvd6ZhUony5cRMqVoB.exe
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:ca:86:8f:22:c6:23:95:ce:03:17:eb:7b:ae:12:c0:60:6c:a3:42
Signer

Actual PE Digest

06:ca:86:8f:22:c6:23:95:ce:03:17:eb:7b:ae:12:c0:60:6c:a3:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 96KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

| ⚛️
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QKvpJeDIaPtXDcwKwH_WmAYY.exe
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:4a:15:b6:c0:fa:b9:f1:27:50:24:12:fe:ac:42:8a:11:23:e5:3e
Signer

Actual PE Digest

f4:4a:15:b6:c0:fa:b9:f1:27:50:24:12:fe:ac:42:8a:11:23:e5:3e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 27KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

| ⚛️
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QwnNK2SHckcc_GsoTwi8hDi5.exe
.xml
QxZsdXOO8Xn2bW7iW8ff3gjN.exe
.exe windows:5 windows x86 arch:x86

ab6a8b01372d51e7fed6c22dcfc42852

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yanoy_lakupozejo.pdb

Imports

kernel32

GetCommandLineW
FileTimeToDosDateTime
SetThreadContext
GetNativeSystemInfo
SetFilePointer
lstrlenA
CopyFileExW
TlsGetValue
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
GetSystemWindowsDirectoryW
GlobalLock
WaitForSingleObject
SetEvent
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetDriveTypeA
GetPriorityClass
LoadLibraryW
GetConsoleMode
TerminateThread
GetVersionExW
SetConsoleMode
SetConsoleCursorPosition
ReadFile
GetOverlappedResult
CompareStringW
GetStartupInfoW
GetNamedPipeHandleStateW
GetPrivateProfileIntW
CreateDirectoryA
GetFileSizeEx
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
CopyFileA
GetPrivateProfileStringA
LoadLibraryA
OpenMutexA
LocalAlloc
IsSystemResumeAutomatic
SetCurrentDirectoryW
WriteProfileSectionW
HeapWalk
SetNamedPipeHandleState
Process32NextW
SetConsoleTitleW
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
FatalAppExitA
GetCurrentThreadId
GetCPInfoExA
FindAtomW
GetSystemTime
LCMapStringW
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetTitleBarInfo

winhttp

WinHttpReadData

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 31.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QzUu4XgUxQuvhFNx7Nf5D6C3.exe
.exe windows:5 windows x86 arch:x86

ad1c5bf15a899fcfef408e3485448e67

Code Sign

12:70:05:0c:3c:f4:64:de:c1:b8:b0:a8:af:d7:d6:f1
Certificate

Issuer

POSTALCODE=10051

Not Before

21-08-2021 03:03

Not After

21-08-2022 03:03

Subject

POSTALCODE=10051

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8
Signer

Actual PE Digest

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vevexokecikayu\dohopocu24.pdb

Imports

kernel32

SetFilePointer
lstrlenA
GetDriveTypeW
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
CompareFileTime
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
WaitForSingleObject
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
WaitNamedPipeW
WriteFile
SetCommState
GetCommandLineA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
CopyFileW
GetVersionExW
SetConsoleMode
IsProcessorFeaturePresent
GetBinaryTypeA
GetOverlappedResult
CompareStringW
SetThreadContext
GlobalUnlock
VerifyVersionInfoW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
GetCPInfoExW
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
WriteProfileSectionA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
FindAtomA
Process32NextW
WriteProfileStringA
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetSystemTime
LCMapStringW
CopyFileExA
DeleteFileA
GetStartupInfoW
UnregisterWait
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

gdi32

GetCharWidthW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 35.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SHSPDO6BYDV7xlwsZDJxsLj9.exe
.exe windows:5 windows x86 arch:x86

ab6a8b01372d51e7fed6c22dcfc42852

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yanoy_lakupozejo.pdb

Imports

kernel32

GetCommandLineW
FileTimeToDosDateTime
SetThreadContext
GetNativeSystemInfo
SetFilePointer
lstrlenA
CopyFileExW
TlsGetValue
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
GetSystemWindowsDirectoryW
GlobalLock
WaitForSingleObject
SetEvent
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetDriveTypeA
GetPriorityClass
LoadLibraryW
GetConsoleMode
TerminateThread
GetVersionExW
SetConsoleMode
SetConsoleCursorPosition
ReadFile
GetOverlappedResult
CompareStringW
GetStartupInfoW
GetNamedPipeHandleStateW
GetPrivateProfileIntW
CreateDirectoryA
GetFileSizeEx
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
CopyFileA
GetPrivateProfileStringA
LoadLibraryA
OpenMutexA
LocalAlloc
IsSystemResumeAutomatic
SetCurrentDirectoryW
WriteProfileSectionW
HeapWalk
SetNamedPipeHandleState
Process32NextW
SetConsoleTitleW
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
FatalAppExitA
GetCurrentThreadId
GetCPInfoExA
FindAtomW
GetSystemTime
LCMapStringW
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetTitleBarInfo

winhttp

WinHttpReadData

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 31.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SqCuVl85T1P8OuH3gpVMKnDi.exe
.exe windows:5 windows x86 arch:x86

290057969690a7d76b2c7d89d0ec8c78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jun.pdb

Imports

kernel32

SetFilePointer
lstrlenA
CopyFileExW
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
CompareFileTime
GetNamedPipeHandleStateA
GlobalLock
WaitForSingleObject
SetEvent
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetCommandLineA
GetDriveTypeA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
GetSystemWindowsDirectoryA
SetConsoleMode
IsProcessorFeaturePresent
ReadFile
GetBinaryTypeW
GetOverlappedResult
CompareStringW
SetThreadContext
GetPrivateProfileIntW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
CopyFileA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
Process32NextW
SetConsoleTitleW
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
WriteProfileStringW
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetCPInfoExA
GetVersionExA
FindAtomW
FindActCtxSectionStringW
UnregisterWaitEx
GetSystemTime
LCMapStringW
DeleteFileA
GetStartupInfoW
UnregisterWait
WideCharToMultiByte
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsFree
SetLastError
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
GetModuleFileNameA
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle

gdi32

GetCharWidthW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 403KB - Virtual size: 31.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
T8Ulrjj8F65YXJ2qZEm11v_x.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Trj0QcTNVE3l8SBp_3LNLFS9.exe
.exe windows:5 windows x86 arch:x86

ad1c5bf15a899fcfef408e3485448e67

Code Sign

12:70:05:0c:3c:f4:64:de:c1:b8:b0:a8:af:d7:d6:f1
Certificate

Issuer

POSTALCODE=10051

Not Before

21-08-2021 03:03

Not After

21-08-2022 03:03

Subject

POSTALCODE=10051

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8
Signer

Actual PE Digest

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vevexokecikayu\dohopocu24.pdb

Imports

kernel32

SetFilePointer
lstrlenA
GetDriveTypeW
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
CompareFileTime
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
WaitForSingleObject
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
WaitNamedPipeW
WriteFile
SetCommState
GetCommandLineA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
CopyFileW
GetVersionExW
SetConsoleMode
IsProcessorFeaturePresent
GetBinaryTypeA
GetOverlappedResult
CompareStringW
SetThreadContext
GlobalUnlock
VerifyVersionInfoW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
GetCPInfoExW
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
WriteProfileSectionA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
FindAtomA
Process32NextW
WriteProfileStringA
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetSystemTime
LCMapStringW
CopyFileExA
DeleteFileA
GetStartupInfoW
UnregisterWait
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

gdi32

GetCharWidthW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 35.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uwc7l02HzjEVLDdBFF3ZKItU.exe
.exe windows:6 windows x64 arch:x64

045715ac29c84a0e47dab339e337bc06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

calc.pdb

Imports

shell32

ord165
ShellAboutW
SHGetSpecialFolderPathW

shlwapi

ord225

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetPageUnit
GdipDrawLineI
GdipDrawArcI
GdipFillRectangleI
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeletePen
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipCreatePen1
GdipDisposeImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
EventUnregister
EventRegister
RegCloseKey
RegCreateKeyExW
EventWrite

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

uxtheme

IsThemeActive

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ord413
ord410
ord380
ord392

ntdll

WinSqmAddToStreamEx
WinSqmAddToStream

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetModuleHandleW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetSystemTime
WaitForSingleObject
CreateEventW
CreateThread
ResetEvent
SetEvent
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
MulDiv
GlobalFindAtomW
FindResourceW
GetLastError
MultiByteToWideChar
GetLocalTime
GetDateFormatW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetLocaleInfoEx
FreeLibrary
LocalFree
LocalAlloc
LocalReAlloc
GetProfileStringW
lstrlenW
CompareStringW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRestart
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
DeleteFileW
LeaveCriticalSection
DeleteCriticalSection
SetLastError
GetModuleHandleExW
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
HeapAlloc
WideCharToMultiByte
FindResourceExW
HeapDestroy

user32

OpenClipboard
GetClipboardData
InvalidateRect
CloseClipboard
EmptyClipboard
SetClipboardData
PostQuitMessage
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetKeyState
IsDialogMessageW
GetClassNameW
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
EnumChildWindows
DrawTextW
SetPropW
SystemParametersInfoW
CheckRadioButton
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
SetDlgItemInt
GetDlgItemInt
FillRect
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
OffsetRect
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
IntersectRect
CopyRect
CreateDialogParamW
GetFocus
CreatePopupMenu
TrackPopupMenu
IsClipboardFormatAvailable
CharNextA
IsWindowEnabled
PostMessageW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetWindowLongPtrW
SetWindowLongPtrW
SetWindowLongW
SetClassLongW
SetWindowTextW
GetWindowPlacement
CheckMenuItem
GetSysColor
SetClassLongPtrW
GetClassLongPtrW
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
LoadStringW
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetFocus
MapWindowPoints
EnableMenuItem
GetMenu
GetClientRect
ShowWindow
CreateWindowExW
DestroyWindow
DialogBoxParamW
EndDialog
SetWindowPos
GetDlgItem
GetWindowRect
SendMessageW
MessageBeep
LoadCursorW
SetCursor
LoadImageW
UnregisterClassA
GetProcessDefaultLayout
GetMenuState
GetParent

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

winmm

timeGetTime

gdi32

CreateDIBSection
GetStockObject
SetBkColor
SetBkMode
CreatePatternBrush
DeleteObject
DeleteDC
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
GetRgnBox
LineTo
MoveToEx
ExtCreatePen
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
SetTextColor
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetTextExtentPointW

msvcrt

difftime
memmove
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
memcpy
___mb_cur_max_func
_errno
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
__uncaught_exception
isspace
tolower
abort
isalnum
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
time
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
mbstowcs_s
exit
isdigit
isxdigit
toupper
_purecall
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
isalpha
wcstoul
strcspn
memchr
_wcsrev
strchr
_strtoui64
_strtoi64
sprintf_s
_wtoi64
_i64tow_s
_wcsdup
localeconv
iswalpha
iswdigit
_wcslwr_s
_wcsnicmp
wcsncmp
_itow_s
calloc
wcschr
_wcsicmp
_itoa
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
_exit
wcstol
wcscmp

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VoTrXaqIJ3vc2GnUIU6Wi5LW.exe
.exe windows:5 windows x86 arch:x86

ad1c5bf15a899fcfef408e3485448e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\siwuzux-deliwacecojig18\pihukirazab_yudavatu\vutumewu.pdb

Imports

kernel32

SetFilePointer
lstrlenA
GetDriveTypeW
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
CompareFileTime
GetSystemWindowsDirectoryW
GetNamedPipeHandleStateA
WaitForSingleObject
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
WaitNamedPipeW
WriteFile
SetCommState
GetCommandLineA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
CopyFileW
GetVersionExW
SetConsoleMode
IsProcessorFeaturePresent
GetBinaryTypeA
GetOverlappedResult
CompareStringW
SetThreadContext
GlobalUnlock
VerifyVersionInfoW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
GetCPInfoExW
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
WriteProfileSectionA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
FindAtomA
Process32NextW
WriteProfileStringA
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetSystemTime
LCMapStringW
CopyFileExA
DeleteFileA
GetStartupInfoW
UnregisterWait
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

gdi32

GetCharWidthW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 31.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Wp77te7DqjxTjTIGMDSB0RHr.exe
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:c4:2e:88:25:71:b1:4c:39:80:00:28:f9:e3:ca:15:1c:a7:c4:1d
Signer

Actual PE Digest

91:c4:2e:88:25:71:b1:4c:39:80:00:28:f9:e3:ca:15:1c:a7:c4:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 31KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

| ⚛️
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XOCYAkm_NnnfPmgVDNgu9MQ3.exe
.exe windows:4 windows x86 arch:x86

Code Sign

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-03-2018 00:00

Not After

16-03-2022 23:59

Subject

CN=Akeo Consulting,O=Akeo Consulting,POSTALCODE=F92 D667,STREET=24 Grey Rock,L=Milford,ST=Co. Donegal,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:e8:e2:de:9e:f7:34:5a:af:89:eb:03:a4:b0:32:6e:ba:bf:02:1b:c3:ec:9e:9b:8d:a1:4a:a4:aa:67:4a:e0
Signer

Actual PE Digest

88:e8:e2:de:9e:f7:34:5a:af:89:eb:03:a4:b0:32:6e:ba:bf:02:1b:c3:ec:9e:9b:8d:a1:4a:a4:aa:67:4a:e0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Xd_XnNqsZTJJf8dCq4s_mlAi.exe
.exe windows:5 windows x86 arch:x86

4dcb3c3a3fe5e134dd41266130cc79d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wifidazelocini\zupet8.pdb

Imports

kernel32

GetCommandLineW
FileTimeToDosDateTime
SetThreadContext
GetNativeSystemInfo
SetFilePointer
lstrlenA
CopyFileExW
TlsGetValue
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
GetSystemWindowsDirectoryW
GlobalLock
WaitForSingleObject
SetEvent
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetSystemTimeAsFileTime
QueryActCtxW
GetDriveTypeA
GetPriorityClass
LoadLibraryW
GetConsoleMode
GetVersionExW
SetConsoleMode
SetConsoleCursorPosition
GetOverlappedResult
CompareStringW
GetStartupInfoW
GetNamedPipeHandleStateW
LCMapStringA
GetPrivateProfileIntW
CreateDirectoryA
GetFileSizeEx
GetCPInfoExW
GetLastError
IsDBCSLeadByteEx
GetProcAddress
CopyFileA
GetPrivateProfileStringA
LoadLibraryA
OpenMutexA
LocalAlloc
IsSystemResumeAutomatic
SetCurrentDirectoryW
WriteProfileSectionW
HeapWalk
SetNamedPipeHandleState
Process32NextW
SetConsoleTitleW
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
FatalAppExitA
GetCurrentThreadId
OpenSemaphoreW
FindAtomW
ReadConsoleOutputCharacterW
GetSystemTime
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetTitleBarInfo

winhttp

WinHttpReadData

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 31.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xr9ca9oQNQWbUwEgChRmX6Z9.exe
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:c4:2e:88:25:71:b1:4c:39:80:00:28:f9:e3:ca:15:1c:a7:c4:1d
Signer

Actual PE Digest

91:c4:2e:88:25:71:b1:4c:39:80:00:28:f9:e3:ca:15:1c:a7:c4:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 31KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

| ⚛️
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XukfUfK8HAbjc5wMknHwOhFI.exe
.exe windows:5 windows x86 arch:x86

0b53c587d92252505a138d0d9f3f823f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

GetLastError
SetLastError
CreateFileW
CloseHandle
WriteFile
GetStdHandle
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
ReadFile
SetFileTime
GetFileAttributesW
SetFileAttributesW
MoveFileW
DeleteFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
FoldStringW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
GetLocalTime
OpenFileMappingW
LoadLibraryW
GetSystemDirectoryW
ExitProcess
FreeConsole
WriteConsoleW
AttachConsole
AllocConsole
CompareStringW
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YPTXDeqMC118ip3zHbyxwlns.exe
.exe windows:5 windows x86 arch:x86

0b53c587d92252505a138d0d9f3f823f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

GetLastError
SetLastError
CreateFileW
CloseHandle
WriteFile
GetStdHandle
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
ReadFile
SetFileTime
GetFileAttributesW
SetFileAttributesW
MoveFileW
DeleteFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
FoldStringW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
GetLocalTime
OpenFileMappingW
LoadLibraryW
GetSystemDirectoryW
ExitProcess
FreeConsole
WriteConsoleW
AttachConsole
AllocConsole
CompareStringW
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ma_5nZD3yos0uV8jzHnJSVxT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pnDF_dk604_fxVsUaLPL1Vfi.exe
.exe windows:5 windows x86 arch:x86

290057969690a7d76b2c7d89d0ec8c78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jun.pdb

Imports

kernel32

SetFilePointer
lstrlenA
CopyFileExW
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
CompareFileTime
GetNamedPipeHandleStateA
GlobalLock
WaitForSingleObject
SetEvent
OpenSemaphoreA
FreeEnvironmentStringsA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetCommandLineA
GetDriveTypeA
TlsSetValue
GetPriorityClass
GlobalAlloc
GetConsoleMode
TerminateThread
GetSystemWindowsDirectoryA
SetConsoleMode
IsProcessorFeaturePresent
ReadFile
GetBinaryTypeW
GetOverlappedResult
CompareStringW
SetThreadContext
GetPrivateProfileIntW
CreateDirectoryA
ReleaseActCtx
GetFileSizeEx
SetCurrentDirectoryA
OpenMutexW
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
CopyFileA
LoadLibraryA
CreateSemaphoreW
WriteProfileSectionW
HeapWalk
Process32NextW
SetConsoleTitleW
GetModuleHandleA
FindFirstChangeNotificationA
EnumResourceNamesA
WriteProfileStringW
GetConsoleCursorInfo
FatalAppExitA
GetCurrentThreadId
GetCPInfoExA
GetVersionExA
FindAtomW
FindActCtxSectionStringW
UnregisterWaitEx
GetSystemTime
LCMapStringW
DeleteFileA
GetStartupInfoW
UnregisterWait
WideCharToMultiByte
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsFree
SetLastError
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
GetModuleFileNameA
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle

gdi32

GetCharWidthW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 403KB - Virtual size: 31.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
q_TzaanAkp60Doa2Vt025l91.exe
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:b6:dc:85:ab:29:8b:15:90:fa:52:4d:e6:ee:46:e0:00:5c:aa:6a
Signer

Actual PE Digest

5a:b6:dc:85:ab:29:8b:15:90:fa:52:4d:e6:ee:46:e0:00:5c:aa:6a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

| ⚛️
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rgVakr0EruC2FtauFmrgXkxw.exe
.exe windows:5 windows x86 arch:x86

5c06a288f07d43206aca52d5d94444b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudozik\kahe 48-vayoyu\zumi\63-kohoyidovebeme49\yepafor.pdb

Imports

kernel32

SetThreadContext
SetFilePointer
lstrlenA
CopyFileExW
TlsGetValue
SetLocalTime
InterlockedIncrement
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
CompareFileTime
GlobalLock
WaitForSingleObject
SetEvent
OpenSemaphoreA
GetTickCount
CreateNamedPipeW
VirtualFree
GetConsoleAliasesLengthA
GetCommandLineA
GetDriveTypeA
GetPriorityClass
GetConsoleMode
TerminateThread
GetSystemWindowsDirectoryA
GetVersionExW
SetConsoleMode
IsProcessorFeaturePresent
SetConsoleCursorPosition
ReadFile
GetOverlappedResult
CompareStringW
GetStartupInfoW
GetNamedPipeHandleStateW
GetPrivateProfileIntW
CreateDirectoryA
GetFileSizeEx
SetCurrentDirectoryA
SetThreadLocale
GetLastError
IsDBCSLeadByteEx
ReadConsoleOutputCharacterA
GetProcAddress
CopyFileA
GetPrivateProfileStringA
LoadLibraryA
OpenMutexA
LocalAlloc
IsSystemResumeAutomatic
WriteProfileSectionW
HeapWalk
SetNamedPipeHandleState
SetConsoleTitleW
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
WriteProfileStringW
FatalAppExitA
GetCurrentThreadId
GetCPInfoExA
FindAtomW
LCMapStringW
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetTitleBarInfo

winhttp

WinHttpCloseHandle

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 405KB - Virtual size: 31.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
t1fkwFYUEZVXvf_7oFFpVnr4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tC6gdsFTgl9CBMrK_2QhZX3x.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 945KB - Virtual size: 945KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tGeiUalbScQ8sPK2KKmKZNga.exe
.xml
uMWmES83oduRUCtOU5jzfQkJ.exe
.exe windows:5 windows x86 arch:x86

fac82e460e0af4a20b962e39865b89c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\watuyawewucas82\xihi86\muhemozedipine.pdb

Imports

kernel32

SetLocalTime
WriteConsoleOutputW
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
WaitForSingleObject
SetEvent
GetSystemDefaultLCID
GetModuleHandleW
GetConsoleAliasesLengthA
GetConsoleTitleA
GetCompressedFileSizeW
CreateActCtxW
InitializeCriticalSection
GetConsoleCP
GlobalAlloc
GetSystemDirectoryW
GetFileAttributesA
lstrcpynW
SetConsoleCursorPosition
VerifyVersionInfoA
HeapQueryInformation
WritePrivateProfileSectionW
IsBadWritePtr
GetModuleFileNameW
CreateFileW
EnumDateFormatsExW
lstrcatA
GetACP
lstrlenW
FlushFileBuffers
InterlockedExchange
GetCPInfoExW
FillConsoleOutputCharacterW
GetLastError
GetProcAddress
PeekConsoleInputW
CreateTimerQueueTimer
LocalLock
GetConsoleDisplayMode
EnterCriticalSection
SetTimerQueueTimer
GlobalGetAtomNameA
WriteConsoleA
DnsHostnameToComputerNameA
BeginUpdateResourceA
SetEnvironmentVariableA
GetModuleHandleA
EraseTape
CancelTimerQueueTimer
EndUpdateResourceA
ReadConsoleInputW
FindFirstVolumeW
GetCurrentProcessId
AreFileApisANSI
LCMapStringW
LCMapStringA
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

RealGetWindowClassA

advapi32

AdjustTokenGroups

Exports

Exports

@GetAnotherVice@12
@SetFirstEverVice@4

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 40.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v5n1HuUxtaYNHT7sRlXCCwIu.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:50:57:fe:10:85:97:70:19:ef:ce:dc:c7:8b:7d:7d:b5:25:85:e1
Signer

Actual PE Digest

00:50:57:fe:10:85:97:70:19:ef:ce:dc:c7:8b:7d:7d:b5:25:85:e1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wTzxLyAQL7H5FI0GIaor5FbA.exe
.exe windows:6 windows x64 arch:x64

045715ac29c84a0e47dab339e337bc06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

calc.pdb

Imports

shell32

ord165
ShellAboutW
SHGetSpecialFolderPathW

shlwapi

ord225

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetPageUnit
GdipDrawLineI
GdipDrawArcI
GdipFillRectangleI
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeletePen
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipCreatePen1
GdipDisposeImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
EventUnregister
EventRegister
RegCloseKey
RegCreateKeyExW
EventWrite

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

uxtheme

IsThemeActive

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ord413
ord410
ord380
ord392

ntdll

WinSqmAddToStreamEx
WinSqmAddToStream

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetModuleHandleW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetSystemTime
WaitForSingleObject
CreateEventW
CreateThread
ResetEvent
SetEvent
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
MulDiv
GlobalFindAtomW
FindResourceW
GetLastError
MultiByteToWideChar
GetLocalTime
GetDateFormatW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetLocaleInfoEx
FreeLibrary
LocalFree
LocalAlloc
LocalReAlloc
GetProfileStringW
lstrlenW
CompareStringW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRestart
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
DeleteFileW
LeaveCriticalSection
DeleteCriticalSection
SetLastError
GetModuleHandleExW
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
HeapAlloc
WideCharToMultiByte
FindResourceExW
HeapDestroy

user32

OpenClipboard
GetClipboardData
InvalidateRect
CloseClipboard
EmptyClipboard
SetClipboardData
PostQuitMessage
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetKeyState
IsDialogMessageW
GetClassNameW
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
EnumChildWindows
DrawTextW
SetPropW
SystemParametersInfoW
CheckRadioButton
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
SetDlgItemInt
GetDlgItemInt
FillRect
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
OffsetRect
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
IntersectRect
CopyRect
CreateDialogParamW
GetFocus
CreatePopupMenu
TrackPopupMenu
IsClipboardFormatAvailable
CharNextA
IsWindowEnabled
PostMessageW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetWindowLongPtrW
SetWindowLongPtrW
SetWindowLongW
SetClassLongW
SetWindowTextW
GetWindowPlacement
CheckMenuItem
GetSysColor
SetClassLongPtrW
GetClassLongPtrW
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
LoadStringW
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetFocus
MapWindowPoints
EnableMenuItem
GetMenu
GetClientRect
ShowWindow
CreateWindowExW
DestroyWindow
DialogBoxParamW
EndDialog
SetWindowPos
GetDlgItem
GetWindowRect
SendMessageW
MessageBeep
LoadCursorW
SetCursor
LoadImageW
UnregisterClassA
GetProcessDefaultLayout
GetMenuState
GetParent

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

winmm

timeGetTime

gdi32

CreateDIBSection
GetStockObject
SetBkColor
SetBkMode
CreatePatternBrush
DeleteObject
DeleteDC
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
GetRgnBox
LineTo
MoveToEx
ExtCreatePen
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
SetTextColor
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetTextExtentPointW

msvcrt

difftime
memmove
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
memcpy
___mb_cur_max_func
_errno
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
__uncaught_exception
isspace
tolower
abort
isalnum
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
time
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
mbstowcs_s
exit
isdigit
isxdigit
toupper
_purecall
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
isalpha
wcstoul
strcspn
memchr
_wcsrev
strchr
_strtoui64
_strtoi64
sprintf_s
_wtoi64
_i64tow_s
_wcsdup
localeconv
iswalpha
iswdigit
_wcslwr_s
_wcsnicmp
wcsncmp
_itow_s
calloc
wcschr
_wcsicmp
_itoa
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
_exit
wcstol
wcscmp

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xiGD01oEkhh5s50F0Mw8lPVJ.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yBqNUgvOW6iDky2dKdBCi5Fb.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-10-2020 00:00

Not After

24-10-2022 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:50:57:fe:10:85:97:70:19:ef:ce:dc:c7:8b:7d:7d:b5:25:85:e1
Signer

Actual PE Digest

00:50:57:fe:10:85:97:70:19:ef:ce:dc:c7:8b:7d:7d:b5:25:85:e1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad1c5bf15a899fcfef408e3485448e67

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 113KB - Virtual size: 31.5MB

.tls Size: 512B - Virtual size: 193B

.rsrc Size: 59KB - Virtual size: 59KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 586KB - Virtual size: 585KB

.rsrc Size: 1024B - Virtual size: 680B

.reloc Size: 1024B - Virtual size: 12B

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:ca:86:8f:22:c6:23:95:ce:03:17:eb:7b:ae:12:c0:60:6c:a3:42Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 96KB - Virtual size: 192KB

Size: 2KB - Virtual size: 4KB

Size: 35KB - Virtual size: 195KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

| ⚛️ Size: 102KB - Virtual size: 102KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 102KB - Virtual size: 101KB

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

f4:4a:15:b6:c0:fa:b9:f1:27:50:24:12:fe:ac:42:8a:11:23:e5:3eSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 189KB - Virtual size: 192KB

.sdata Size: 5KB - Virtual size: 4KB

Size: 27KB - Virtual size: 197KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

| ⚛️ Size: 104KB - Virtual size: 104KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 104KB - Virtual size: 103KB

ab6a8b01372d51e7fed6c22dcfc42852

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winhttp

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 113KB - Virtual size: 31.5MB

.tls
Size: 512B - Virtual size: 193B

.rsrc
Size: 59KB - Virtual size: 59KB

.text
Size: 586KB - Virtual size: 585KB

.rsrc
Size: 1024B - Virtual size: 680B

.reloc
Size: 1024B - Virtual size: 12B

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:ca:86:8f:22:c6:23:95:ce:03:17:eb:7b:ae:12:c0:60:6c:a3:42
Signer

.idata
Size: 512B - Virtual size: 8KB

| ⚛️
Size: 102KB - Virtual size: 102KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 102KB - Virtual size: 101KB

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

f4:4a:15:b6:c0:fa:b9:f1:27:50:24:12:fe:ac:42:8a:11:23:e5:3e
Signer

.text
Size: 189KB - Virtual size: 192KB

.sdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

| ⚛️
Size: 104KB - Virtual size: 104KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 104KB - Virtual size: 103KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 113KB - Virtual size: 31.5MB

.tls
Size: 512B - Virtual size: 193B

.rsrc
Size: 12KB - Virtual size: 12KB

12:70:05:0c:3c:f4:64:de:c1:b8:b0:a8:af:d7:d6:f1
Certificate

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8
Signer

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 4.2MB - Virtual size: 35.6MB

.rsrc
Size: 59KB - Virtual size: 59KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 113KB - Virtual size: 31.5MB

.tls
Size: 512B - Virtual size: 193B

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 403KB - Virtual size: 31.8MB

.rsrc
Size: 40KB - Virtual size: 39KB

.text
Size: 583KB - Virtual size: 582KB

.rsrc
Size: 1024B - Virtual size: 672B

.reloc
Size: 1024B - Virtual size: 12B

12:70:05:0c:3c:f4:64:de:c1:b8:b0:a8:af:d7:d6:f1
Certificate

95:cb:31:f1:cd:a9:ae:1f:48:98:5d:be:2c:9d:ce:7f:d9:4f:b9:9c:5b:34:e3:f0:6f:eb:bd:6d:9d:ef:c8:f8
Signer