socky of cum[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

socky of cum.rar
Size

37.8MB
MD5

8fc7a13c4492fd5d146f25b726a8ea78
SHA1

77a02370582eeaec4731dea65f6848715d7ccce6
SHA256

09c91862d6e40c74f6edc233440b5f691d498ede6fb00bb43d309ca24e4e67b9
SHA512

9605cb354f327becc3e75c403184befc91db568a0ccf79845cf8813fca3bbf693797f53189980873a1c0c2004ae1671796c8a662e2965b4d3ad2186d4b8398c9
SSDEEP

786432:zd24gc/EkZ/6GN/VM7xK9z13/ID6izYHYX/xQiTNse8fYUv11Kb7u6WqS2:J249/nxN/67k9z13/IDZkWQiTNgAUdo5

Score

7^/10

upx pyinstaller aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/066d06ca007d19457ca609dd95975f7facb551ffb5d8f6d4edf108236ad8c981.exe	upx

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/c531015ec09adf346131a375df9b9d04c90657fac9b80f2b1e269dae6186de86.exe	pyinstaller

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/066d06ca007d19457ca609dd95975f7facb551ffb5d8f6d4edf108236ad8c981.exe
unpack001/06d6f22d02443afd6d6880ead6648ebc.exe
unpack001/09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe
unpack001/208cca124ddafe35a122f6bdd36191151a2730b4e1051804d5f68d0cb4b44145.exe
unpack001/241f67ece26c9e6047bb1a9fc60bf7c45a23ea1a2bb08a1617a385c71d008d79.exe
unpack001/30616f6c488fa16ccdcbfd6273e7ac8604c82bc1468fc1a70b2a43661b674760.exe
unpack001/44f28cd6ea894c05030ab913e2a0f1f1596b4aa7c551df9381f521cb88a92f7e.exe
unpack001/4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f.exe
unpack001/72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
unpack001/7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.exe
unpack001/7cf39ebb4409b13a7c153abff6661cc4d28d8d7109543d6419438ac9f2f1be57.exe
unpack001/8c42a084278ff8e25f7ee765c37da84da02780da725505108f9eb39cfb05c051.exe
unpack001/9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
unpack001/b25cc314720ced9b2845941fb145bbf06493fad7b2b4a76b8fbffc995ff46215.exe
unpack001/b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
unpack001/b4c2ffccfe807167860d70ea95cde0390f2dc4220992d272497ced04afb97edd.exe
unpack001/bab7af3306f66d5deaafda1f0cd57c20e42678451a7bc70c71255f6a7e1806be.exe
unpack001/c531015ec09adf346131a375df9b9d04c90657fac9b80f2b1e269dae6186de86.exe
unpack001/dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe
unpack001/debfd1fb34df5c7047c3c8837cdda27b59e6044934447a8bb6878344847b74d8.exe
unpack001/df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
unpack001/df99316e57002298d88be785acad4c3a900cbc5e04a29e32d4549f25f08a7527.exe
unpack001/e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe

Files

socky of cum.rar
.rar
066d06ca007d19457ca609dd95975f7facb551ffb5d8f6d4edf108236ad8c981.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
06d6f22d02443afd6d6880ead6648ebc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\REGISTRYCLEANER_ONLINE\blackscreen_new\FreeDownloadmanager\obj\x86\Debug\IntelliTraces.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1.exe
.exe windows:5 windows x86 arch:x86

fb3f18f3a26b3c97c5892f99370eecfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSaveKeyA
RegRestoreKeyA
RegEnumKeyA
RegCreateKeyExA
RegReplaceKeyA
ReadEventLogW
RegUnLoadKeyA
LogonUserA
CryptSignHashA
ClearEventLogA
OpenEventLogW
RegOpenKeyA
RegDeleteValueW

shell32

SHGetFileInfoA
DragFinish
SHGetMalloc
ExtractIconW
ShellMessageBoxA
FindExecutableW
StrStrA
SHChangeNotify
DragQueryFileW
ShellAboutW
SHGetFolderPathA

shlwapi

UrlIsW
UrlCompareW
PathIsURLW
PathCommonPrefixW
UrlIsOpaqueW
UrlHashW
UrlIsNoHistoryW
PathCompactPathW
UrlGetPartW
PathCombineW
UrlGetLocationW
UrlEscapeW
UrlUnescapeA
PathStripPathW

untfs

Recover
Extend

cryptdll

CDLocateRng
MD5Init
MD5Update

kernel32

DeleteFileA
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetCommandLineA
WaitForSingleObject
CreateWaitableTimerA
OpenJobObjectA
WaitNamedPipeW
InterlockedIncrement
GetTickCount
OpenMutexA
FindNextFileA
MoveFileExW
LoadLibraryExW

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
208cca124ddafe35a122f6bdd36191151a2730b4e1051804d5f68d0cb4b44145.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
241f67ece26c9e6047bb1a9fc60bf7c45a23ea1a2bb08a1617a385c71d008d79.exe
.exe windows:6 windows x86 arch:x86

92d6ccca84c4fe07219ffef323c16297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Работа\Локер шифровчик\Thanatos-master\Debug\Thanatos.pdb

Imports

kernel32

SetFileAttributesA
GetCurrentProcessId
GetModuleFileNameA
lstrcmpA
lstrcpyA
lstrcatA
FindNextFileA
OpenProcess
GetTickCount
WideCharToMultiByte
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetModuleFileNameExA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
MultiByteToWideChar
GetProcessHeap
HeapFree
HeapAlloc
CloseHandle
WriteFile
ReadFile
GetFileSize
DeleteFileA
CopyFileA
CreateFileA
VirtualQuery
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA

shell32

ShellExecuteA

msvcp140d

?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPBD@Z
?good@ios_base@std@@QBE_NXZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpReceiveResponse
WinHttpCloseHandle

vcruntime140d

_except_handler4_common
__std_exception_destroy
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__std_exception_copy
__std_type_info_destroy_list
_CxxThrowException
memcmp
memchr
__CxxFrameHandler3
memset
memmove
memcpy

ucrtbased

fputc
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
_free_dbg
_malloc_dbg
_callnewh
_CrtDbgReport
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
terminate
_controlfp_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
fopen
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
rand
srand
wcslen
_errno
isalnum
_invalid_parameter_noinfo
_CrtDbgReportW
__stdio_common_vsprintf
strlen
_invalid_parameter
malloc

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
30616f6c488fa16ccdcbfd6273e7ac8604c82bc1468fc1a70b2a43661b674760.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

srIwd
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
44f28cd6ea894c05030ab913e2a0f1f1596b4aa7c551df9381f521cb88a92f7e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\projects\jigsaw\jigsaw\obj\Debug\ransomawaro.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f.exe
.exe windows:5 windows x86 arch:x86

9e85bc8cd0863f7512a06d6eb4c79827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
DeviceIoControl
VirtualAlloc
GetTempPathW
GetLastError
FileTimeToSystemTime
SetFileShortNameA
FindAtomA
GetProcAddress
CreateMailslotW
GetTickCount
HeapSize
WriteConsoleW
SetFilePointerEx
LoadLibraryW
GetSystemTimeAdjustment
SetStdHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileType
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW

user32

SetPropA
GetMenuStringW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe
.exe windows:5 windows x86 arch:x86

48dbac54777b31f54f4721a7bc1024e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LocalAlloc
GetProcAddress
ExitProcess
GetSystemTimes
GlobalMemoryStatus
GetMailslotInfo
lstrlenA
LoadLibraryW
AddAtomA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

gdi32

GetMapMode
GetGraphicsMode

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7b53a00b3a8859755f6144cb2149673fa17fdd6e439cbfdee21a7a513e6395b2.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7cf39ebb4409b13a7c153abff6661cc4d28d8d7109543d6419438ac9f2f1be57.exe
.exe windows:6 windows x86 arch:x86

930571369af7699560f7ecefa80e314a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lwz\ImmGetCmpsitinStri.pdb

Imports

kernel32

ReadConsoleW
GetConsoleMode
ReadFile
GetProcessHeap
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetFileType
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
Sleep
GetStdHandle
SetLastError
VirtualQuery
LoadLibraryExW
FreeLibrary
GetLogicalDrives
GetLogicalDriveStringsA
FlushFileBuffers
GetCurrentThread
SetThreadPriority
GetDriveTypeA
GetLocalTime
GetUserDefaultLangID
GetLocaleInfoW
CreateFileMappingA
MapViewOfFile
CloseHandle
GetTempPathA
GetCurrentDirectoryA
lstrlenA
lstrcpyA
lstrcpynA
GetLastError
lstrcatA
LoadLibraryExA
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
GetEnvironmentVariableA
GetModuleHandleExA
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
GetThreadLocale
GetConsoleCP
HeapSize
HeapReAlloc
HeapAlloc
GetComputerNameA
SetFilePointerEx
GetPrivateProfileIntA
WriteConsoleW
EncodePointer
LoadLibraryW
GetConsoleWindow
LoadLibraryA
CreateEventA
WaitForSingleObject
WriteFile
CreateFileW

user32

GetWindowTextLengthA
GetSysColorBrush
wsprintfA
SetWindowTextA
CharLowerA
SetWindowWord
OffsetRect
TrackPopupMenuEx
GetCursorPos
MapWindowPoints
RegisterClassA
LoadCursorA
LoadIconA
SetWindowLongA
GetWindowLongA
keybd_event
GetKeyboardLayout
GetActiveWindow
LoadImageA
ShowWindow
CreateWindowExW
CreateWindowExA
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
CheckMenuItem
EnableMenuItem
SendMessageA
EndDialog
KillTimer
SetTimer
GetWindowRect
CopyRect
RegisterHotKey
GetSystemMetrics
GetPropW
SendMessageW
SendDlgItemMessageW
EnableWindow
DefWindowProcA
PostQuitMessage
BeginPaint
EndPaint
LoadBitmapA
GetClientRect
DrawTextW
InvalidateRect
CreateIconIndirect
GetIconInfo
GetDlgItem
WindowFromPoint
GetDlgCtrlID
GetWindowContextHelpId

gdi32

GetStockObject
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
CreateBitmap
GetTextExtentPoint32A
Rectangle
Ellipse
SetTextColor
CreateFontW
StartDocA
StartPage
EndPage
EndDoc

advapi32

LsaClose
ImpersonateLoggedOnUser

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateGuid
StringFromCLSID
StringFromGUID2
CreateStreamOnHGlobal
CoUnmarshalInterface

oleaut32

VarDiv
VarTokenizeFormatString
VarAdd
VariantChangeTypeEx
LoadRegTypeLi
VarAnd
SafeArrayPtrOfIndex

odbc32

ord14
ord11
ord2
ord1
ord3
ord7
ord15

wininet

InternetCanonicalizeUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA
FtpSetCurrentDirectoryA

netapi32

NetLocalGroupAddMember
NetUserAdd

mpr

WNetGetConnectionA

avifil32

AVIFileRelease

winmm

mmioAscend

shlwapi

StrCmpNIA
StrToIntExA

comctl32

ord410
ord17
ImageList_Add
ImageList_Create

pdh

PdhBrowseCountersA

gdiplus

GdipGetImageRawFormat
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneImage
GdipDisposeImage

secur32

AcceptSecurityContext
CompleteAuthToken

opengl32

glVertex2d
glVertex2i
glFlush
glEnd
glBegin
glClear
glColor3f
glClearColor
glLightfv
glShadeModel
glEnable
glLoadIdentity
glMatrixMode
glViewport
glMaterialfv
glDepthFunc
glCullFace
glClearDepth

glu32

gluPerspective

imm32

ImmGetDefaultIMEWnd
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetContext

uxtheme

SetThemeAppProperties

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mini
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.profile
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sys
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8c42a084278ff8e25f7ee765c37da84da02780da725505108f9eb39cfb05c051.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9d081b734c595a1ae38e254369c0060c5870ee119c9f7853989c23ebc204a291.exe
.exe windows:4 windows x86 arch:x86

ad7f0cccd86c2a80587f856e17972b29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaLineInputVar
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaFileCloseAll
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
ord631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
__vbaObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord717
__vbaGetOwner3
__vbaVarCat
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
ord579
__vbaLateMemCall
__vbaOnGoCheck
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaR8IntI4
__vbaStrVarCopy
_allmul
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b25cc314720ced9b2845941fb145bbf06493fad7b2b4a76b8fbffc995ff46215.exe
.exe windows:4 windows x86 arch:x86

d3507775f24c205aed6964cd5fab889d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriorityBoost
GetModuleHandleA
VirtualAlloc
GetProcAddress
VirtualFree
GetProcessHeap
GetLocalTime
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetLastError
FlushFileBuffers
SetFilePointer
CloseHandle

user32

FindWindowA
IsWindowEnabled

winmm

mciSendCommandA
mciSendStringA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 332KB - Virtual size: 701KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
.exe windows:4 windows x86 arch:x86

a702ffe4712afb4154bc8c173eaa6ab0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamProperty

ws2_32

WSAAsyncSelect
closesocket
recvfrom
ioctlsocket
inet_ntoa
recv
WSACleanup
accept
getpeername

kernel32

SetLastError
GetTimeZoneInformation
GetVersion
WideCharToMultiByte
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
MultiByteToWideChar
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GetDriveTypeA
InterlockedExchange
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RtlUnwind

user32

GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
GetMessagePos
CreatePopupMenu
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
GetSysColorBrush
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
GetDesktopWindow
GetClassNameA
GetDlgItem
GetWindowTextA
GetForegroundWindow
ScreenToClient
UnregisterClassA
WindowFromPoint
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetTextMetricsA
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetCurrentObject
GetClipRgn
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetStretchBltMode

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CLSIDFromString
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ord17
ImageList_Destroy

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16.4MB - Virtual size: 16.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b4c2ffccfe807167860d70ea95cde0390f2dc4220992d272497ced04afb97edd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bab7af3306f66d5deaafda1f0cd57c20e42678451a7bc70c71255f6a7e1806be.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Revizyonlar\24.01.2017 TRY Catch File Encryptor Revizyon 6 - Encryptor\FileEncryptor\obj\Debug\Islem Dekontunuz.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c531015ec09adf346131a375df9b9d04c90657fac9b80f2b1e269dae6186de86.exe
.exe windows:6 windows x86 arch:x86

719ea92bb6bb4c5aaa3e4d2e8bbfdde0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

SystemTimeToTzSpecificLocalTime
DecodePointer
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
RaiseException
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
HeapReAlloc

ws2_32

ntohl

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe
.exe windows:5 windows x86 arch:x86

9caeb7225cebd37b06894c5b64f6852b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapFree
SetLastError
VirtualFree
VirtualAlloc
LoadLibraryA
GetNativeSystemInfo
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetStringTypeW
HeapReAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

Sections

.text
Size: 838KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
debfd1fb34df5c7047c3c8837cdda27b59e6044934447a8bb6878344847b74d8.exe
.exe windows:4 windows x86 arch:x86

d69adc5aba535543d2bfe93df4c9469a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenProcess
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FlushInstructionCache
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
CLSIDFromString

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 670KB - Virtual size: 669KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
df36e2aaae85f07851810a829e38a82827252fda15d4c4410da085d59ce38737.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\CHEF-DSI\Desktop\Malware projetc\hidden-tear-master\hidden-tear\hidden-tear\obj\Debug\PokemonGo.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
df99316e57002298d88be785acad4c3a900cbc5e04a29e32d4549f25f08a7527.exe
.exe windows:4 windows x86 arch:x86

83f9b09c28c600158fb9dc1e23fc794e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaFileCloseAll
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
ord529
__vbaVarTstEq
__vbaObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
ord531
__vbaFPException
_CIlog
__vbaFileOpen
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
ord542
_allmul
__vbaVarLateMemCallSt
_CItan
ord546
_CIexp
__vbaFreeObj
ord580
__vbaFreeStr

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 260KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 46KB - Virtual size: 48KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 528KB - Virtual size: 528KB

.sdata Size: 512B - Virtual size: 155B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

fb3f18f3a26b3c97c5892f99370eecfa

Headers

File Characteristics

Imports

advapi32

shell32

shlwapi

untfs

cryptdll

kernel32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 34KB - Virtual size: 34KB

.rsrc Size: 566KB - Virtual size: 566KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 107KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

92d6ccca84c4fe07219ffef323c16297

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

msvcp140d

winhttp

vcruntime140d

ucrtbased

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 8KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

srIwd Size: 6.4MB - Virtual size: 6.4MB

.text Size: 53KB - Virtual size: 53KB

.rsrc Size: 391KB - Virtual size: 390KB

.reloc Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 46KB - Virtual size: 48KB

.text
Size: 528KB - Virtual size: 528KB

.sdata
Size: 512B - Virtual size: 155B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 566KB - Virtual size: 566KB

.text
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 8KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

srIwd
Size: 6.4MB - Virtual size: 6.4MB

.text
Size: 53KB - Virtual size: 53KB

.rsrc
Size: 391KB - Virtual size: 390KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.2MB - Virtual size: 1.2MB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 43KB

.gfids
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 161KB - Virtual size: 161KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 212KB - Virtual size: 211KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 404B