fijewh[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fijewh.zip
Size

36.0MB
MD5

7e6d7c0df23672babd30f9543916ca52
SHA1

0571efe4079a95cb118d79f8c87cdb8694193973
SHA256

ea5e0d5f12deeb25573cc7fcade7327945d5e4778c1569e189dc483e96583cbc
SHA512

010799374e9bb476c248ecd326ef67e076959b92da685c538b7f4bd4b94570a3e3cf43d64cd52b2a127dc15e2f11b41e1ea2d8c32fd9019f7272538311baf8c2
SSDEEP

393216:dGRv1cKZdpkm4SNOFXT+93GRv1cKZdpkm4SNOFXT+9ZEcnTXHfV18f49bWUccq:G/dkUsTD/dkUsTwECL/nXbW2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/412433/Lonelyscreen.1.2.9.keygen.by.Paradox.exe
unpack003/Lonelyscreen.1.2.9.keygen.by.Paradox.exe
unpack005/LonelyScreen.exe

Files

fijewh.zip
.zip
fijewh/412433.zip
.zip
412433/FILE_ID.DIZ
412433/Lonelyscreen.1.2.9.keygen.by.Paradox.exe
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
412433/Lonelyscreen.1.2.9.keygen.by.Paradox.zip
.zip
Lonelyscreen.1.2.9.keygen.by.Paradox.exe
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
412433/Paradox.nfo
fijewh/LonelyScreen.zip
.zip
LonelyScreen/LonelyScreen.zip
.zip
LonelyScreen.exe
.exe windows:6 windows x86 arch:x86

dc9547416b0a1371fc6562fcdef9ed7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\tiger\lonelyscreen\server\release\LonelyScreen.pdb

Imports

kernel32

GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
SetEndOfFile
FindFirstFileA
GetSystemDirectoryA
GetVersionExA
CreateMutexA
SystemTimeToFileTime
GetDateFormatW
VerSetConditionMask
LocalFree
FormatMessageW
GetVersionExW
VerifyVersionInfoW
GetCommandLineW
SetEvent
WaitForSingleObject
ReleaseSemaphore
OutputDebugStringA
GetConsoleWindow
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
WaitForMultipleObjects
DuplicateHandle
GetSystemInfo
QueryPerformanceFrequency
WaitForSingleObjectEx
GetSystemTime
GetLocalTime
VirtualQuery
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
ReleaseMutex
CreateMutexW
ResetEvent
GetCurrencyFormatW
GetUserDefaultUILanguage
GetLogicalDrives
MoveFileExW
GetLongPathNameW
SetErrorMode
GetFileInformationByHandle
DeviceIoControl
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
HeapReAlloc
GetUserGeoID
GetVolumeInformationW
OutputDebugStringW
VirtualFreeEx
OpenProcess
ReadProcessMemory
GetDriveTypeW
lstrcmpW
lstrlenA
IsValidLanguageGroup
ExpandEnvironmentStringsW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
InterlockedIncrement
InterlockedDecrement
CompareStringEx
GetTempFileNameW
lstrlenW
ExitThread
SetFileAttributesW
TryEnterCriticalSection
CreateTimerQueue
RtlCaptureStackBackTrace
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
SetEnvironmentVariableA
SetEnvironmentVariableW
GetFullPathNameA
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualProtect
SetProcessAffinityMask
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
SetFilePointerEx
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapQueryInformation
PeekNamedPipe
FileTimeToLocalFileTime
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WaitNamedPipeW
CreateSemaphoreA
CreateEventA
InterlockedCompareExchange
InitializeCriticalSection
InterlockedExchangeAdd
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
SetHandleInformation
GlobalFree
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
VirtualAllocEx
GetTimeFormatW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetProcessHeap
GetCurrentThreadId
GetCurrentThread
CloseHandle
ReadConsoleW
GetConsoleMode
ReadFile
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
FindNextFileA
FreeLibrary
SetConsoleCtrlHandler
WriteFile
GetStdHandle
CreateSemaphoreW
GetModuleHandleW
GetTickCount
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FatalAppExitA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RaiseException
HeapFree
HeapSize
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
GetLastError
DecodePointer
EncodePointer
GetModuleFileNameW
GetGeoInfoW
CreateProcessW

shell32

SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW

ole32

RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
RegisterDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoInitializeEx
DoDragDrop
CoCreateInstance
CoCreateGuid
CoLockObjectExternal

winmm

PlaySoundW

user32

HideCaret
DestroyCaret
CreateCaret
DestroyCursor
GetAsyncKeyState
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
GetKeyboardLayoutList
GetAncestor
SetParent
GetParent
GetDesktopWindow
ScreenToClient
SetCaretPos
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
FillRect
SetCapture
GetCapture
GetActiveWindow
SetFocus
IsIconic
IsWindowVisible
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
GetCaretBlinkTime
MessageBeep
GetDoubleClickTime
GetIconInfo
GetKeyboardLayout
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
ClientToScreen
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
DefWindowProcW
RegisterClassW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
UnregisterClassW
CreateWindowExW
DestroyWindow
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
RealGetWindowClassW
EnumWindows
GetWindowTextW
GetClipboardFormatNameW
GetMessageExtraInfo
TrackMouseEvent
TrackPopupMenuEx
CreateCursor
GetCursorPos
SetCursorPos
NotifyWinEvent
SetMenuItemInfoW
SetForegroundWindow
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
GetSystemMenu
EnableMenuItem
GetDC
ReleaseDC
RegisterWindowMessageW
SendMessageW
GetSystemMetrics
MapWindowPoints
FindWindowW
FindWindowExW
GetWindowThreadProcessId
DestroyIcon
GetSysColor
SystemParametersInfoW
SetWindowRgn
CreateIconIndirect
DrawIconEx
MessageBoxW
ReleaseCapture

gdi32

AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
RemoveFontResourceExW
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetTextFaceW
CreateSolidBrush
AddFontResourceExW
GetFontData
CreateFontIndirectW
GetStockObject
EnumFontFamiliesExW
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetRgn
BitBlt
GetObjectW
GetDIBits
CreateBitmap
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetObjectA
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
SetBkMode
CreateCompatibleDC
CombineRgn

advapi32

CryptGenRandom
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CopySid
GetLengthSid
FreeSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext

oleaut32

SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayGetElement
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

ws2_32

WSAGetLastError
ntohs
getservbyname
getservbyport
getsockname
WSACleanup
bind
socket
freeaddrinfo
WSASetLastError
recvfrom
select
sendto
recv
__WSAFDIsSet
closesocket
listen
getaddrinfo
htons
WSAAsyncSelect
inet_ntoa
WSAStartup
ioctlsocket
shutdown
getnameinfo
send
connect
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
accept
htonl
getsockopt
inet_addr
ntohl
gethostbyaddr
gethostbyname
gethostname
getpeername
setsockopt
WSAAccept
WSAConnect
WSAHtonl
WSAHtons

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3d9

Direct3DCreate9

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.const
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drectve
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_i
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdiplus

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 142KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 8KB - Virtual size: 8KB

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdiplus

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 142KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 8KB - Virtual size: 8KB

dc9547416b0a1371fc6562fcdef9ed7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

winmm

user32

gdi32

advapi32

oleaut32

ws2_32

imm32

d3d9

Exports

Exports

Sections

.text Size: 16.0MB - Virtual size: 16.0MB

.const Size: 14KB - Virtual size: 14KB

.text.un Size: 1024B - Virtual size: 732B

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 1.5MB - Virtual size: 4.8MB

.qtmetad Size: 512B - Virtual size: 272B

_RDATA Size: 3KB - Virtual size: 2KB

.rodata Size: 13KB - Virtual size: 13KB

.drectve Size: 512B - Virtual size: 188B

.eh_fram Size: 5KB - Virtual size: 5KB

.debug_i Size: 64KB - Virtual size: 63KB

.debug_a Size: 8KB - Virtual size: 7KB

.debug_l Size: 33KB - Virtual size: 32KB

.debug_a Size: 512B - Virtual size: 480B

.debug_r Size: 4KB - Virtual size: 4KB

.debug_l Size: 9KB - Virtual size: 9KB

.debug_f Size: 512B - Virtual size: 244B

.debug_s Size: 1024B - Virtual size: 878B

.rsrc Size: 362KB - Virtual size: 361KB

.reloc Size: 445KB - Virtual size: 445KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 142KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 142KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 16.0MB - Virtual size: 16.0MB

.const
Size: 14KB - Virtual size: 14KB

.text.un
Size: 1024B - Virtual size: 732B

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 1.5MB - Virtual size: 4.8MB

.qtmetad
Size: 512B - Virtual size: 272B

_RDATA
Size: 3KB - Virtual size: 2KB

.rodata
Size: 13KB - Virtual size: 13KB

.drectve
Size: 512B - Virtual size: 188B

.eh_fram
Size: 5KB - Virtual size: 5KB

.debug_i
Size: 64KB - Virtual size: 63KB

.debug_a
Size: 8KB - Virtual size: 7KB

.debug_l
Size: 33KB - Virtual size: 32KB

.debug_a
Size: 512B - Virtual size: 480B

.debug_r
Size: 4KB - Virtual size: 4KB

.debug_l
Size: 9KB - Virtual size: 9KB

.debug_f
Size: 512B - Virtual size: 244B

.debug_s
Size: 1024B - Virtual size: 878B

.rsrc
Size: 362KB - Virtual size: 361KB

.reloc
Size: 445KB - Virtual size: 445KB