darkcomet | RATS PACK[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

RATS PACK.rar
Size

129.6MB
MD5

c48b7d922d28f8db63f8b0311324ad39
SHA1

61d4526c819904995ba867ae257f149c36ad63f6
SHA256

1fef3ffb433d16b566453a794280a2487581fe3d7d17adffeb2bbc75abacea46
SHA512

fe59766600a4399387ec58eb3d1ac44dc6b091b96d663d7d4e203a3d30431160a8c4e3df1b53606d06d4dcac04b2691bd585cf2f92588a0cd23b9d8b9656229d
SSDEEP

3145728:0yPCzjR/Igf2bh5eBSbcZH1R206JRUc0u:07hPogSgl1x6JRr0u

Score

10^/10

pdf link upx darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-black.skn	acprotect
static1/unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-black.skn	acprotect
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-black.skn	acprotect
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-black.skn	acprotect

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-black.skn	upx
static1/unpack001/RATS PACK/Blackshades Public Edition/data/upx.exe	upx
static1/unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-black.skn	upx
static1/unpack001/RATS PACK/Blackshades Public Edition/xNet/data/upx.exe	upx
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-black.skn	upx
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/data/upx.exe	upx
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-black.skn	upx
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/upx.exe	upx
static1/unpack001/RATS PACK/XtremeRat 3.5/sysmain/xrt3.exe	upx

HTTP links in PDF interactive object 4 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/RATS PACK/Blackshades Public Edition/Blackshades NET Setup Tutorial.pdf	pdf_with_link_action
static1/unpack001/RATS PACK/Blackshades Public Edition/xNet/Blackshades NET Setup Tutorial.pdf	pdf_with_link_action
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/Blackshades NET Setup Tutorial.pdf	pdf_with_link_action
static1/unpack001/RATS PACK/Blackshades v 5.4 Private/skci/Blackshades NET Setup Tutorial.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 169 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RATS PACK/Blackshades Public Edition/Blackshades Public Ed..exe
unpack001/RATS PACK/Blackshades Public Edition/data/CODEJO~1.oca
unpack001/RATS PACK/Blackshades Public Edition/data/CODEJO~2.oca
unpack001/RATS PACK/Blackshades Public Edition/data/MSCOMCTL.oca
unpack001/RATS PACK/Blackshades Public Edition/data/MSDATGRD.oca
unpack001/RATS PACK/Blackshades Public Edition/data/MSINET.oca
unpack001/RATS PACK/Blackshades Public Edition/data/RICHTX32.oca
unpack001/RATS PACK/Blackshades Public Edition/data/mswinsck.oca
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-black.skn
unpack004/out.upx
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-brown.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-chrome.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-flashy-black.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-grey.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-light-gray.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-lines.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-luna-royale.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-mac-osx.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-mint.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-relax.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-simple-black.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-skin.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-smooth-simplebuttons.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-smooth.skn
unpack001/RATS PACK/Blackshades Public Edition/data/skins/bss-thin.skn
unpack001/RATS PACK/Blackshades Public Edition/data/upx.exe
unpack001/RATS PACK/Blackshades Public Edition/xNet/Ionic.Zip.dll
unpack001/RATS PACK/Blackshades Public Edition/xNet/Launcher.exe
unpack001/RATS PACK/Blackshades Public Edition/xNet/bpe.exe
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/CODEJO~1.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/CODEJO~2.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/MSCOMCTL.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/MSDATGRD.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/MSINET.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/RICHTX32.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/mswinsck.oca
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-black.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-brown.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-chrome.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-flashy-black.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-grey.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-light-gray.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-lines.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-luna-royale.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-mac-osx.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-mint.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-relax.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-simple-black.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-skin.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-smooth-simplebuttons.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-smooth.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-thin.skn
unpack001/RATS PACK/Blackshades Public Edition/xNet/data/upx.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/BlackShades 5.4.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/Launcher.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/client.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/data/CODEJO~1.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/CODEJO~2.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/CODEJO~3.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/MSCOMCTL.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/MSDATGRD.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/MSInet.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/RICHTX32.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/mswinsck.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/Luna Royale.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/Mint.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/Orion.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/areao4 (2).msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-brown.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-flashy-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-grey.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-light-gray.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-lines.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-mac-osx.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-simple-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/skins/bss-smooth.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/data/station.bin
unpack001/RATS PACK/Blackshades v 5.4 Private/data/stub.bin
unpack001/RATS PACK/Blackshades v 5.4 Private/data/upx.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/msvbvm60.dll
unpack001/RATS PACK/Blackshades v 5.4 Private/setup/CoolPlayer.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/setup/Server5.4.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/setup/hosts_editor.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/Ionic.Zip.dll
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/Launcher.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/bs5.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/client.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~1.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~2.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~3.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/MSCOMCTL.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/MSDATGRD.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/MSInet.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/RICHTX32.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/mswinsck.oca
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Luna Royale.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Mint.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Orion.msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/areao4 (2).msstyles
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-brown.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-flashy-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-grey.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-light-gray.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-lines.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-mac-osx.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-simple-black.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-smooth.skn
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/station.bin
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/stub.bin
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/data/upx.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/msvbvm60.dll
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/setup/CoolPlayer.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/setup/Server5.4.exe
unpack001/RATS PACK/Blackshades v 5.4 Private/skci/setup/hosts_editor.exe
unpack001/RATS PACK/Cybergate 1.8/CyberGate_v1.18.0.exe
unpack001/RATS PACK/Cybergate 1.8/core/Ionic.Zip.dll
unpack001/RATS PACK/Cybergate 1.8/core/Launcher.exe
unpack001/RATS PACK/Cybergate 1.8/core/cybf.exe
unpack001/RATS PACK/DarkComet Legacy/DarkComet_Full_setup.exe
unpack001/RATS PACK/DarkComet Legacy/Leaf.xNet.dll
unpack001/RATS PACK/DarkComet Legacy/RDXService.dll
unpack001/RATS PACK/DarkComet Legacy/data/Ionic.Zip.dll
unpack001/RATS PACK/DarkComet Legacy/data/Launcher.exe
unpack001/RATS PACK/DarkComet Legacy/data/Leaf.xNet.dll
unpack001/RATS PACK/DarkComet Legacy/data/RDXService.dll
unpack001/RATS PACK/DarkComet Legacy/data/cdds.exe
unpack001/RATS PACK/Darkcomet 5.3.1/Celesty Binder/Celesty.exe
unpack001/RATS PACK/Darkcomet 5.3.1/DarkComet.exe
unpack001/RATS PACK/Darkcomet 5.3.1/Spoof extensions/Spoofer.exe
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Celesty.exe
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/Ionic.Zip.dll
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/Launcher.exe
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/Spoof extensions/Spoofer.exe
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/dc.exe
unpack001/RATS PACK/Darkcomet 5.3.1/cdp/sqlite3.dll
unpack001/RATS PACK/Darkcomet 5.3.1/sqlite3.dll
unpack001/RATS PACK/HiveRAT Cracked/HiveRAT Cracked.exe
unpack001/RATS PACK/HiveRAT Cracked/cc.dll
unpack001/RATS PACK/HiveRAT Cracked/data/Ionic.Zip.dll
unpack001/RATS PACK/HiveRAT Cracked/data/Launcher.exe
unpack001/RATS PACK/HiveRAT Cracked/data/RDXService.exe
unpack001/RATS PACK/Loki Rat/LokiRAT_Relapse.exe
unpack001/RATS PACK/Loki Rat/SkinSoft.OSSkin.dll
unpack001/RATS PACK/Loki Rat/sas/Ionic.Zip.dll
unpack001/RATS PACK/Loki Rat/sas/Launcher.exe
unpack001/RATS PACK/Loki Rat/sas/SkinSoft.OSSkin.dll
unpack001/RATS PACK/Loki Rat/sas/lrr.exe
unpack001/RATS PACK/Loki Rat/sas/sysmain.dll
unpack001/RATS PACK/Loki Rat/sysmain.dll
unpack001/RATS PACK/Paradox RAT/Paradox RAT 4.2.3 Cracked.exe
unpack001/RATS PACK/Paradox RAT/data/Ionic.Zip.dll
unpack001/RATS PACK/Paradox RAT/data/Launcher.exe
unpack001/RATS PACK/Paradox RAT/data/Updater.exe
unpack001/RATS PACK/Paradox RAT/data/pr2.exe
unpack001/RATS PACK/Xtreme Rat v2.7/Xtreme Rat v2.7.exe
unpack001/RATS PACK/Xtreme Rat v2.7/dbgcore/Ionic.Zip.dll
unpack001/RATS PACK/Xtreme Rat v2.7/dbgcore/Launcher.exe
unpack001/RATS PACK/Xtreme Rat v2.7/dbgcore/xrt.exe
unpack001/RATS PACK/XtremeRat 3.5/RDXService.dll
unpack001/RATS PACK/XtremeRat 3.5/XtremeRAT 3.5 Private.exe
unpack001/RATS PACK/XtremeRat 3.5/rdpcorets.dll
unpack001/RATS PACK/XtremeRat 3.5/sysmain/Ionic.Zip.dll
unpack001/RATS PACK/XtremeRat 3.5/sysmain/Launcher.exe
unpack001/RATS PACK/XtremeRat 3.5/sysmain/xrt3.exe
unpack001/RATS PACK/jRat/jRat.exe
unpack001/RATS PACK/jRat/vertdll/Ionic.Zip.dll
unpack001/RATS PACK/jRat/vertdll/Launcher.exe

One or more email addresses in PDF identified
Detects presence of email addresses in PDF files.
pdf

Files

RATS PACK.rar
.rar
RATS PACK/Blackshades Public Edition/Blackshades NET Setup Tutorial.pdf
.pdf
- http://dev.mysql.com/downloads/connector/odbc/5.1.html
- http://localhost/security/xamppsecurity.php
- http://portforward.com/
- http://www.apachefriends.org/download.ph...-1.7.3.exe
- http://www.apachefriends.org/download.php?xampplite-win32-1.7.3.exe
- http://www.no-ip.com/
- http://yournick.no-ip.biz
- https://www.no-ip.com/downloads.php
- mailto:[email protected]
RATS PACK/Blackshades Public Edition/Blackshades NET User Guide.pdf
.pdf
- http://fileave.com
- http://gmail.com
RATS PACK/Blackshades Public Edition/Blackshades Public Ed..exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/Read Me.txt
RATS PACK/Blackshades Public Edition/client.ini
RATS PACK/Blackshades Public Edition/data/CODEJO~1.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/CODEJO~2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/Codejock.Controls.Unicode.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

Actual PE Digest

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord1173
ord6193
ord6375
ord6376
ord6211
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord6153
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5047
ord1787
ord2567
ord4390
ord3397
ord3569
ord609
ord4279
ord4118
ord3084
ord6166
ord6871
ord5781
ord940
ord1147
ord6654
ord1137
ord3605
ord656
ord765
ord6456
ord4474
ord3087
ord2637
ord2100
ord6373
ord2070
ord6195
ord3716
ord795
ord2108
ord6655
ord3693
ord3952
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord3714
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2706
ord6004
ord6896
ord2293
ord668
ord2762
ord356
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord3257
ord812
ord1088
ord5858
ord5606
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord1083
ord501
ord1113
ord1112
ord5446
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord801
ord541
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
fseek
_fstat
_wfopen
fclose
ftell
fgetws
isprint
swprintf
isxdigit
qsort
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
wcschr
ceil
wcsrchr
_wcsdup
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

IsDBCSLeadByte
lstrcpyW
InterlockedDecrement
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
GetScrollPos
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
GetWindowPlacement
ShowWindow
DrawTextW
LoadIconW
DeferWindowPos
BeginDeferWindowPos
CreateAcceleratorTableW
wsprintfW
GetDlgItem
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
GrayStringW
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetClassLongW
SetClassLongW
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
DestroyAcceleratorTable
UnionRect
TranslateMessage
HideCaret
WinHelpW
OpenClipboard
VkKeyScanW
GetDoubleClickTime
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
EndDeferWindowPos
DestroyCaret
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
OffsetRect
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
CombineRgn
GetClipBox
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetBkMode
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SafeArrayCreate

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/Codejock.SkinFramework.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

b97546b32de3f20f9d20a53cbd559da6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64
Signer

Actual PE Digest

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5825
ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord6877
ord5572
ord2915
ord2818
ord540
ord939
ord924
ord537
ord1168
ord1567
ord665
ord5442
ord353
ord268
ord6874
ord535
ord3262
ord1206
ord1223
ord2486
ord3237
ord860
ord1601
ord858
ord4278
ord5683
ord2514
ord2385
ord6374
ord4627
ord640
ord4160
ord2450
ord6199
ord1640
ord323
ord641
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord1140
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord5575
ord3525
ord433
ord861
ord539
ord674
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord3571
ord3626
ord4668
ord1146
ord5314
ord324
ord6030
ord1269
ord3663
ord941
ord668
ord5710
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4277
ord2763
ord2614
ord4624
ord6282
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord567
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord3318
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord2567
ord1270
ord3402
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord755
ord470
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord4081
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord3080
ord3376
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord1693
ord2439
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord4129
ord4667
ord3530
ord1877
ord1133
ord2414
ord1641
ord1099
ord2864
ord562
ord1113
ord816
ord3258
ord1114
ord4021
ord823
ord2729
ord2730
ord2727
ord4003
ord614

msvcrt

_CxxThrowException
_ftol
_mbsrchr
_strdup
free
_mbscmp
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
atoi
__CxxFrameHandler
malloc
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
lstrcpyA
GetFileAttributesA
MulDiv
lstrlenA
EnterCriticalSection
LocalAlloc

user32

GetClientRect
SetRectEmpty
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
LoadBitmapA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
AdjustWindowRectEx
EnableWindow
SetTimer
KillTimer
GetKeyState
SetRect
CopyRect
OffsetRect
InflateRect
ReleaseCapture
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
GetSystemMenu
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
MoveWindow
DispatchMessageA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenu
GetMenuItemCount
IsWindowVisible
GetDoubleClickTime
RegisterClassA
TranslateMessage
SetWindowRgn
SetClassLongA
GetFocus
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
RegisterClassW
DrawEdge
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageA
IsWindow
ClientToScreen

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/IPList.dat
RATS PACK/Blackshades Public Edition/data/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSCOMCTL.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSDATGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSDATGRD.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSINET.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/RICHTX32.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/Registrator.exe
.exe windows:4 windows x86 arch:x86

7e753ff681654f6baf71d608521060db

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

Actual PE Digest

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord800
ord2514
ord2764
ord537
ord1205
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1089
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord535
ord860
ord540
ord1168
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord858
ord1146
ord567
ord2358
ord2302
ord6215
ord5949
ord6199
ord3998
ord2614
ord4277
ord4129
ord6648
ord3092
ord4160
ord2863
ord668
ord2642
ord3178
ord2781
ord2770
ord924
ord356
ord6334
ord2379
ord755
ord470
ord3181
ord6907
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm

kernel32

GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/data.ini
RATS PACK/Blackshades Public Edition/data/icons/1.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/10.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/100.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/101.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/102.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/103.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/104.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/105.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/106.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/107.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/108.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/109.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/11.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/110.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/111.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/112.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/113.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/114.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/115.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/116.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/117.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/118.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/119.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/12.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/120.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/121.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/122.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/123.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/124.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/125.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/126.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/127.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/128.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/129.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/13.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/130.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/131.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/132.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/133.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/134.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/135.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/136.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/137.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/138.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/139.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/14.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/140.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/141.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/142.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/143.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/144.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/145.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/146.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/147.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/148.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/149.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/15.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/150.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/151.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/152.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/153.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/154.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/155.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/156.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/157.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/158.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/159.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/16.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/160.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/161.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/162.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/163.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/164.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/165.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/166.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/167.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/168.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/169.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/17.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/170.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/171.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/172.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/173.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/174.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/175.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/176.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/177.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/178.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/179.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/18.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/180.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/181.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/182.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/183.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/184.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/185.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/186.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/187.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/188.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/189.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/19.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/190.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/191.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/192.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/193.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/194.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/195.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/196.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/197.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/198.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/199.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/2.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/20.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/200.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/201.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/202.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/203.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/204.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/205.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/206.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/207.jpg
.jpg
RATS PACK/Blackshades Public Edition/data/icons/208.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/209.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/21.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/210.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/211.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/212.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/213.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/214.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/215.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/216.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/217.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/218.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/219.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/22.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/220.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/221.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/222.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/223.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/224.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/225.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/226.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/227.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/228.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/229.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/23.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/230.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/231.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/232.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/233.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/234.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/235.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/236.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/237.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/238.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/239.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/24.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/240.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/241.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/25.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/26.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/27.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/28.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/29.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/3.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/30.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/31.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/32.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/33.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/34.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/35.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/36.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/37.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/38.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/39.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/4.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/40.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/41.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/42.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/43.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/44.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/45.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/46.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/47.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/48.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/49.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/5.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/50.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/51.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/52.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/53.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/54.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/55.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/56.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/57.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/58.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/59.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/6.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/60.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/61.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/62.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/63.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/64.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/65.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/66.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/67.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/68.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/69.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/7.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/70.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/71.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/72.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/73.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/74.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/75.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/76.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/77.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/78.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/79.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/8.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/80.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/81.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/82.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/83.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/84.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/85.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/86.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/87.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/88.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/89.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/9.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/90.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/91.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/92.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/93.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/94.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/95.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/96.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/97.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/98.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/99.gif
.gif
RATS PACK/Blackshades Public Edition/data/icons/basic.png
.png
RATS PACK/Blackshades Public Edition/data/icons/connections.png
.png
RATS PACK/Blackshades Public Edition/data/icons/group.png
.png
RATS PACK/Blackshades Public Edition/data/icons/misc.png
.png
RATS PACK/Blackshades Public Edition/data/icons/star.png
.png
RATS PACK/Blackshades Public Edition/data/icons/user.png
.png
RATS PACK/Blackshades Public Edition/data/icons/user_gray.png
.png
RATS PACK/Blackshades Public Edition/data/mswinsck.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/plugins/dos_sock.bss
RATS PACK/Blackshades Public Edition/data/plugins/nir_cmd.bss
RATS PACK/Blackshades Public Edition/data/plugins/pws_cdk.bss
RATS PACK/Blackshades Public Edition/data/plugins/pws_mail.bss
RATS PACK/Blackshades Public Edition/data/plugins/pws_mess.bss
RATS PACK/Blackshades Public Edition/data/profiles/default.bss
RATS PACK/Blackshades Public Edition/data/skins/bss-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-brown.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-chrome.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-flashy-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-grey.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-light-gray.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-lines.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-luna-royale.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-mac-osx.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-mint.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-office2k7.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-relax.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-simple-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-skin.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-smooth-simplebuttons.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-smooth.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-thin.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/skins/bss-xpryoal.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

Actual PE Digest

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/data/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1012KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades Public Edition/data/web/countries.bss
.html
RATS PACK/Blackshades Public Edition/data/web/ddos.bss
.html
RATS PACK/Blackshades Public Edition/data/web/ddosfail.bss
.html
RATS PACK/Blackshades Public Edition/data/web/ddosstats.bss
.html
RATS PACK/Blackshades Public Edition/data/web/dload.bss
.html
RATS PACK/Blackshades Public Edition/data/web/dloadfail.bss
.html
RATS PACK/Blackshades Public Edition/data/web/full.bss
.html
RATS PACK/Blackshades Public Edition/data/web/login.bss
.html
RATS PACK/Blackshades Public Edition/data/web/loginfail.bss
.html
RATS PACK/Blackshades Public Edition/data/web/main.bss
.html
RATS PACK/Blackshades Public Edition/data/web/os.bss
.html
RATS PACK/Blackshades Public Edition/data/web/pws.bss
.html
RATS PACK/Blackshades Public Edition/data/web/settings.bss
.html
RATS PACK/Blackshades Public Edition/data/web/unauth.bss
.html
RATS PACK/Blackshades Public Edition/data/web/users.txt
RATS PACK/Blackshades Public Edition/remote database viewer/README.txt
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/Connections/.DS_Store
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/Connections/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/Connections/bssnet.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/dataTables.scrollingPagination.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/editable_ajax.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/jquery.dataTables.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/jquery.jeditable.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/jquery.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/jquery.quicksearch.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/SpryAssets/xpath.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/cddel.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/cdkey.php
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/conn.php
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/conndel.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/demo_page.css
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/demo_table.css
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/menu_style.css
.html
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/oneColLiqCtrHdr.css
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/css/style.css
.html
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/b-content3.jpg
.jpg
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/bottom3.jpg
.jpg
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/bottom_bar2.jpg
.jpg
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/button2.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/button3.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/content2.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/copy document.psd
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/copy.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/copy_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/csv.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/csv_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/current-bg.gif
.gif
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/details_close.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/details_open.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/file_types.psd
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/menu-bg.gif
.gif
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/menu6.jpg
.jpg
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/print.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/print_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/printer.psd
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/top.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/x.gif
.gif
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/x.jpg
.jpg
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/xls.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/images/xls_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/index.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/keylog.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/as3/ZeroClipboard.as
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/as3/ZeroClipboardPdf.as
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/as3/lib/AlivePDF.swc
.zip
catalog.xml
.xml
library.swf
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/css/TableTools.css
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/css/TableTools_JUI.css
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/background.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/collection.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/collection_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/copy.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/copy_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/csv.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/csv_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/pdf.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/pdf_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/print.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/print_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/xls.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/images/xls_hover.png
.png
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/js/TableTools.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/js/TableTools.min.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/js/TableTools.min.js.gz
.gz
TableTools.min.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/js/ZeroClipboard.js
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/js/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/swf/copy_cvs_xls.swf
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/media/swf/copy_cvs_xls_pdf.swf
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/pws.php
.js
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/pwsdel.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/rev.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/_notes/spryconn.php.mno
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/_notes/sprykl.php.mno
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/_notes/sprypws.php.mno
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/server_cdk.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/server_conn.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/server_pws.php
RATS PACK/Blackshades Public Edition/remote database viewer/dbview/xml/server_pwsedit.php
RATS PACK/Blackshades Public Edition/sql/README.txt
RATS PACK/Blackshades Public Edition/sql/bssnet.sql
RATS PACK/Blackshades Public Edition/xNet/Blackshades NET Setup Tutorial.pdf
.pdf
- http://dev.mysql.com/downloads/connector/odbc/5.1.html
- http://localhost/security/xamppsecurity.php
- http://portforward.com/
- http://www.apachefriends.org/download.ph...-1.7.3.exe
- http://www.apachefriends.org/download.php?xampplite-win32-1.7.3.exe
- http://www.no-ip.com/
- http://yournick.no-ip.biz
- https://www.no-ip.com/downloads.php
- mailto:[email protected]
RATS PACK/Blackshades Public Edition/xNet/Blackshades NET User Guide.pdf
.pdf
- http://fileave.com
- http://gmail.com
RATS PACK/Blackshades Public Edition/xNet/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/LICENCE.dat
.zip
RATS PACK/Blackshades Public Edition/xNet/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/Purchase Full Version.txt
RATS PACK/Blackshades Public Edition/xNet/Read Me.txt
RATS PACK/Blackshades Public Edition/xNet/bpe.exe
.exe windows:5 windows x86 arch:x86

d87ce4716675f291caf82497bf9d5fae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/client.ini
RATS PACK/Blackshades Public Edition/xNet/data/CODEJO~1.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/CODEJO~2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/Codejock.Controls.Unicode.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

Actual PE Digest

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord1173
ord6193
ord6375
ord6376
ord6211
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord6153
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5047
ord1787
ord2567
ord4390
ord3397
ord3569
ord609
ord4279
ord4118
ord3084
ord6166
ord6871
ord5781
ord940
ord1147
ord6654
ord1137
ord3605
ord656
ord765
ord6456
ord4474
ord3087
ord2637
ord2100
ord6373
ord2070
ord6195
ord3716
ord795
ord2108
ord6655
ord3693
ord3952
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord3714
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2706
ord6004
ord6896
ord2293
ord668
ord2762
ord356
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord3257
ord812
ord1088
ord5858
ord5606
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord1083
ord501
ord1113
ord1112
ord5446
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord801
ord541
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
fseek
_fstat
_wfopen
fclose
ftell
fgetws
isprint
swprintf
isxdigit
qsort
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
wcschr
ceil
wcsrchr
_wcsdup
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

IsDBCSLeadByte
lstrcpyW
InterlockedDecrement
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
GetScrollPos
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
GetWindowPlacement
ShowWindow
DrawTextW
LoadIconW
DeferWindowPos
BeginDeferWindowPos
CreateAcceleratorTableW
wsprintfW
GetDlgItem
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
GrayStringW
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetClassLongW
SetClassLongW
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
DestroyAcceleratorTable
UnionRect
TranslateMessage
HideCaret
WinHelpW
OpenClipboard
VkKeyScanW
GetDoubleClickTime
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
EndDeferWindowPos
DestroyCaret
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
OffsetRect
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
CombineRgn
GetClipBox
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetBkMode
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SafeArrayCreate

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/Codejock.SkinFramework.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

b97546b32de3f20f9d20a53cbd559da6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64
Signer

Actual PE Digest

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5825
ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord6877
ord5572
ord2915
ord2818
ord540
ord939
ord924
ord537
ord1168
ord1567
ord665
ord5442
ord353
ord268
ord6874
ord535
ord3262
ord1206
ord1223
ord2486
ord3237
ord860
ord1601
ord858
ord4278
ord5683
ord2514
ord2385
ord6374
ord4627
ord640
ord4160
ord2450
ord6199
ord1640
ord323
ord641
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord1140
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord5575
ord3525
ord433
ord861
ord539
ord674
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord3571
ord3626
ord4668
ord1146
ord5314
ord324
ord6030
ord1269
ord3663
ord941
ord668
ord5710
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4277
ord2763
ord2614
ord4624
ord6282
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord567
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord3318
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord2567
ord1270
ord3402
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord755
ord470
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord4081
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord3080
ord3376
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord1693
ord2439
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord4129
ord4667
ord3530
ord1877
ord1133
ord2414
ord1641
ord1099
ord2864
ord562
ord1113
ord816
ord3258
ord1114
ord4021
ord823
ord2729
ord2730
ord2727
ord4003
ord614

msvcrt

_CxxThrowException
_ftol
_mbsrchr
_strdup
free
_mbscmp
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
atoi
__CxxFrameHandler
malloc
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
lstrcpyA
GetFileAttributesA
MulDiv
lstrlenA
EnterCriticalSection
LocalAlloc

user32

GetClientRect
SetRectEmpty
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
LoadBitmapA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
AdjustWindowRectEx
EnableWindow
SetTimer
KillTimer
GetKeyState
SetRect
CopyRect
OffsetRect
InflateRect
ReleaseCapture
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
GetSystemMenu
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
MoveWindow
DispatchMessageA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenu
GetMenuItemCount
IsWindowVisible
GetDoubleClickTime
RegisterClassA
TranslateMessage
SetWindowRgn
SetClassLongA
GetFocus
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
RegisterClassW
DrawEdge
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageA
IsWindow
ClientToScreen

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/IPList.dat
RATS PACK/Blackshades Public Edition/xNet/data/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSCOMCTL.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSDATGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSDATGRD.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSINET.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/RICHTX32.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/Registrator.exe
.exe windows:4 windows x86 arch:x86

7e753ff681654f6baf71d608521060db

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

Actual PE Digest

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord800
ord2514
ord2764
ord537
ord1205
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1089
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord535
ord860
ord540
ord1168
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord858
ord1146
ord567
ord2358
ord2302
ord6215
ord5949
ord6199
ord3998
ord2614
ord4277
ord4129
ord6648
ord3092
ord4160
ord2863
ord668
ord2642
ord3178
ord2781
ord2770
ord924
ord356
ord6334
ord2379
ord755
ord470
ord3181
ord6907
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm

kernel32

GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/data.ini
RATS PACK/Blackshades Public Edition/xNet/data/icons/1.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/10.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/100.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/101.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/102.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/103.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/104.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/105.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/106.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/107.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/108.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/109.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/11.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/110.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/111.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/112.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/113.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/114.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/115.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/116.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/117.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/118.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/119.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/12.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/120.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/121.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/122.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/123.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/124.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/125.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/126.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/127.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/128.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/129.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/13.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/130.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/131.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/132.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/133.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/134.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/135.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/136.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/137.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/138.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/139.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/14.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/140.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/141.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/142.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/143.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/144.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/145.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/146.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/147.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/148.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/149.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/15.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/150.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/151.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/152.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/153.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/154.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/155.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/156.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/157.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/158.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/159.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/16.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/160.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/161.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/162.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/163.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/164.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/165.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/166.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/167.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/168.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/169.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/17.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/170.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/171.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/172.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/173.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/174.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/175.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/176.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/177.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/178.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/179.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/18.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/180.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/181.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/182.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/183.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/184.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/185.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/186.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/187.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/188.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/189.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/19.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/190.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/191.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/192.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/193.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/194.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/195.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/196.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/197.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/198.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/199.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/2.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/20.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/200.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/201.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/202.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/203.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/204.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/205.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/206.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/207.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/data/icons/208.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/209.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/21.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/210.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/211.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/212.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/213.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/214.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/215.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/216.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/217.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/218.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/219.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/22.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/220.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/221.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/222.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/223.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/224.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/225.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/226.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/227.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/228.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/229.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/23.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/230.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/231.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/232.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/233.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/234.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/235.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/236.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/237.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/238.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/239.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/24.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/240.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/241.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/25.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/26.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/27.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/28.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/29.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/3.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/30.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/31.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/32.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/33.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/34.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/35.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/36.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/37.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/38.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/39.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/4.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/40.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/41.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/42.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/43.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/44.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/45.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/46.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/47.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/48.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/49.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/5.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/50.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/51.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/52.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/53.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/54.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/55.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/56.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/57.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/58.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/59.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/6.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/60.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/61.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/62.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/63.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/64.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/65.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/66.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/67.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/68.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/69.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/7.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/70.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/71.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/72.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/73.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/74.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/75.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/76.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/77.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/78.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/79.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/8.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/80.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/81.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/82.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/83.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/84.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/85.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/86.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/87.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/88.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/89.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/9.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/90.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/91.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/92.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/93.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/94.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/95.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/96.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/97.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/98.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/99.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/data/icons/basic.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/connections.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/group.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/misc.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/star.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/user.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/icons/user_gray.png
.png
RATS PACK/Blackshades Public Edition/xNet/data/mswinsck.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/plugins/dos_sock.bss
RATS PACK/Blackshades Public Edition/xNet/data/plugins/nir_cmd.bss
RATS PACK/Blackshades Public Edition/xNet/data/plugins/pws_cdk.bss
RATS PACK/Blackshades Public Edition/xNet/data/plugins/pws_mail.bss
RATS PACK/Blackshades Public Edition/xNet/data/plugins/pws_mess.bss
RATS PACK/Blackshades Public Edition/xNet/data/profiles/default.bss
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-brown.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-chrome.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-flashy-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-grey.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-light-gray.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-lines.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-luna-royale.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-mac-osx.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-mint.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-office2k7.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-relax.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-simple-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-skin.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-smooth-simplebuttons.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-smooth.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-thin.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/skins/bss-xpryoal.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

Actual PE Digest

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades Public Edition/xNet/data/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1012KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades Public Edition/xNet/data/web/countries.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/ddos.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/ddosfail.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/ddosstats.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/dload.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/dloadfail.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/full.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/login.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/loginfail.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/main.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/os.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/pws.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/settings.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/unauth.bss
.html
RATS PACK/Blackshades Public Edition/xNet/data/web/users.txt
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/README.txt
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/Connections/.DS_Store
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/Connections/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/Connections/bssnet.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/dataTables.scrollingPagination.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/editable_ajax.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/jquery.dataTables.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/jquery.jeditable.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/jquery.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/jquery.quicksearch.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/SpryAssets/xpath.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/cddel.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/cdkey.php
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/conn.php
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/conndel.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/demo_page.css
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/demo_table.css
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/menu_style.css
.html
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/oneColLiqCtrHdr.css
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/css/style.css
.html
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/b-content3.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/bottom3.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/bottom_bar2.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/button2.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/button3.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/content2.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/copy document.psd
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/copy.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/copy_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/csv.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/csv_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/current-bg.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/details_close.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/details_open.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/file_types.psd
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/menu-bg.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/menu6.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/print.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/print_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/printer.psd
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/top.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/x.gif
.gif
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/x.jpg
.jpg
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/xls.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/images/xls_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/index.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/keylog.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/as3/ZeroClipboard.as
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/as3/ZeroClipboardPdf.as
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/as3/lib/AlivePDF.swc
.zip
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/css/TableTools.css
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/css/TableTools_JUI.css
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/background.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/collection.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/collection_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/copy.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/copy_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/csv.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/csv_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/pdf.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/pdf_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/print.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/print_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/xls.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/images/xls_hover.png
.png
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/js/TableTools.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/js/TableTools.min.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/js/TableTools.min.js.gz
.gz
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/js/ZeroClipboard.js
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/js/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/swf/copy_cvs_xls.swf
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/media/swf/copy_cvs_xls_pdf.swf
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/pws.php
.js
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/pwsdel.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/rev.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/_notes/dwsync.xml
.xml
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/_notes/spryconn.php.mno
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/_notes/sprykl.php.mno
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/_notes/sprypws.php.mno
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/server_cdk.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/server_conn.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/server_pws.php
RATS PACK/Blackshades Public Edition/xNet/remote database viewer/dbview/xml/server_pwsedit.php
RATS PACK/Blackshades Public Edition/xNet/sql/README.txt
RATS PACK/Blackshades Public Edition/xNet/sql/bssnet.sql
RATS PACK/Blackshades v 5.4 Private/BlackShades 5.4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/Blackshades NET Setup Tutorial.pdf
.pdf
RATS PACK/Blackshades v 5.4 Private/Blackshades NET User Guide.pdf
.pdf
RATS PACK/Blackshades v 5.4 Private/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/Logs/RAZZAK^razzak-DCDCE7E3.txt
RATS PACK/Blackshades v 5.4 Private/Read Me.txt
RATS PACK/Blackshades v 5.4 Private/Thumbs.db
RATS PACK/Blackshades v 5.4 Private/client.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 1.2MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mozzvlzv
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jwiegmjg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/client.ini
RATS PACK/Blackshades v 5.4 Private/data/CODEJO~1.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/CODEJO~2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/CODEJO~3.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/Codejock.Controls.Unicode.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

Actual PE Digest

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord1173
ord6193
ord6375
ord6376
ord6211
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord6153
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5047
ord1787
ord2567
ord4390
ord3397
ord3569
ord609
ord4279
ord4118
ord3084
ord6166
ord6871
ord5781
ord940
ord1147
ord6654
ord1137
ord3605
ord656
ord765
ord6456
ord4474
ord3087
ord2637
ord2100
ord6373
ord2070
ord6195
ord3716
ord795
ord2108
ord6655
ord3693
ord3952
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord3714
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2706
ord6004
ord6896
ord2293
ord668
ord2762
ord356
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord3257
ord812
ord1088
ord5858
ord5606
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord1083
ord501
ord1113
ord1112
ord5446
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord801
ord541
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
fseek
_fstat
_wfopen
fclose
ftell
fgetws
isprint
swprintf
isxdigit
qsort
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
wcschr
ceil
wcsrchr
_wcsdup
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

IsDBCSLeadByte
lstrcpyW
InterlockedDecrement
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
GetScrollPos
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
GetWindowPlacement
ShowWindow
DrawTextW
LoadIconW
DeferWindowPos
BeginDeferWindowPos
CreateAcceleratorTableW
wsprintfW
GetDlgItem
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
GrayStringW
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetClassLongW
SetClassLongW
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
DestroyAcceleratorTable
UnionRect
TranslateMessage
HideCaret
WinHelpW
OpenClipboard
VkKeyScanW
GetDoubleClickTime
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
EndDeferWindowPos
DestroyCaret
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
OffsetRect
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
CombineRgn
GetClipBox
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetBkMode
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SafeArrayCreate

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/Codejock.SkinFramework.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

b97546b32de3f20f9d20a53cbd559da6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64
Signer

Actual PE Digest

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5825
ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord6877
ord5572
ord2915
ord2818
ord540
ord939
ord924
ord537
ord1168
ord1567
ord665
ord5442
ord353
ord268
ord6874
ord535
ord3262
ord1206
ord1223
ord2486
ord3237
ord860
ord1601
ord858
ord4278
ord5683
ord2514
ord2385
ord6374
ord4627
ord640
ord4160
ord2450
ord6199
ord1640
ord323
ord641
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord1140
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord5575
ord3525
ord433
ord861
ord539
ord674
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord3571
ord3626
ord4668
ord1146
ord5314
ord324
ord6030
ord1269
ord3663
ord941
ord668
ord5710
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4277
ord2763
ord2614
ord4624
ord6282
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord567
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord3318
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord2567
ord1270
ord3402
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord755
ord470
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord4081
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord3080
ord3376
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord1693
ord2439
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord4129
ord4667
ord3530
ord1877
ord1133
ord2414
ord1641
ord1099
ord2864
ord562
ord1113
ord816
ord3258
ord1114
ord4021
ord823
ord2729
ord2730
ord2727
ord4003
ord614

msvcrt

_CxxThrowException
_ftol
_mbsrchr
_strdup
free
_mbscmp
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
atoi
__CxxFrameHandler
malloc
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
lstrcpyA
GetFileAttributesA
MulDiv
lstrlenA
EnterCriticalSection
LocalAlloc

user32

GetClientRect
SetRectEmpty
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
LoadBitmapA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
AdjustWindowRectEx
EnableWindow
SetTimer
KillTimer
GetKeyState
SetRect
CopyRect
OffsetRect
InflateRect
ReleaseCapture
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
GetSystemMenu
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
MoveWindow
DispatchMessageA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenu
GetMenuItemCount
IsWindowVisible
GetDoubleClickTime
RegisterClassA
TranslateMessage
SetWindowRgn
SetClassLongA
GetFocus
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
RegisterClassW
DrawEdge
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageA
IsWindow
ClientToScreen

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/IPList.dat
RATS PACK/Blackshades v 5.4 Private/data/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSCOMCTL.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSDATGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSDATGRD.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSInet.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/RICHTX32.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/Registrator.exe
.exe windows:4 windows x86 arch:x86

7e753ff681654f6baf71d608521060db

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

Actual PE Digest

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord800
ord2514
ord2764
ord537
ord1205
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1089
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord535
ord860
ord540
ord1168
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord858
ord1146
ord567
ord2358
ord2302
ord6215
ord5949
ord6199
ord3998
ord2614
ord4277
ord4129
ord6648
ord3092
ord4160
ord2863
ord668
ord2642
ord3178
ord2781
ord2770
ord924
ord356
ord6334
ord2379
ord755
ord470
ord3181
ord6907
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm

kernel32

GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/SetupOCX.bat
RATS PACK/Blackshades v 5.4 Private/data/icons/1.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/10.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/100.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/101.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/102.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/103.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/104.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/105.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/106.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/107.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/108.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/109.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/11.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/110.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/111.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/112.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/113.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/114.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/115.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/116.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/117.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/118.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/119.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/12.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/120.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/121.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/122.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/123.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/124.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/125.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/126.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/127.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/128.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/129.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/13.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/130.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/131.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/132.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/133.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/134.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/135.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/136.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/137.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/138.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/139.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/14.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/140.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/141.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/142.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/143.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/144.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/145.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/146.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/147.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/148.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/149.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/15.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/150.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/151.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/152.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/153.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/154.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/155.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/156.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/157.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/158.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/159.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/16.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/160.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/161.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/162.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/163.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/164.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/165.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/166.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/167.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/168.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/169.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/17.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/170.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/171.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/172.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/173.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/174.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/175.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/176.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/177.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/178.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/179.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/18.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/180.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/181.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/182.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/183.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/184.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/185.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/186.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/187.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/188.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/189.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/19.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/190.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/191.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/192.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/193.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/194.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/195.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/196.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/197.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/198.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/199.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/2.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/20.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/200.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/201.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/202.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/203.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/204.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/205.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/206.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/207.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/data/icons/208.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/209.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/21.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/210.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/211.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/212.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/213.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/214.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/215.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/216.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/217.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/218.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/219.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/22.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/220.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/221.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/222.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/223.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/224.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/225.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/226.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/227.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/228.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/229.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/23.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/230.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/231.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/232.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/233.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/234.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/235.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/236.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/237.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/238.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/239.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/24.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/240.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/241.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/25.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/26.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/27.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/28.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/29.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/3.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/30.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/31.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/32.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/33.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/34.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/35.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/36.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/37.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/38.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/39.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/4.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/40.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/41.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/42.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/43.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/44.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/45.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/46.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/47.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/48.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/49.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/5.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/50.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/51.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/52.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/53.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/54.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/55.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/56.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/57.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/58.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/59.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/6.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/60.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/61.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/62.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/63.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/64.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/65.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/66.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/67.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/68.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/69.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/7.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/70.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/71.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/72.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/73.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/74.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/75.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/76.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/77.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/78.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/79.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/8.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/80.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/81.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/82.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/83.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/84.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/85.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/86.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/87.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/88.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/89.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/9.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/90.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/91.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/92.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/93.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/94.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/95.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/96.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/97.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/98.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/99.gif
.gif
RATS PACK/Blackshades v 5.4 Private/data/icons/basic.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/connections.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/group.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/misc.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/star.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/user.png
.png
RATS PACK/Blackshades v 5.4 Private/data/icons/user_gray.png
.png
RATS PACK/Blackshades v 5.4 Private/data/mswinsck.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/plugins/dos_sock.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/nir_cmd.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/pws_cdk.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/pws_chro.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/pws_ff.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/pws_mail.bss
RATS PACK/Blackshades v 5.4 Private/data/plugins/pws_mess.bss
RATS PACK/Blackshades v 5.4 Private/data/profiles/Default.bss
RATS PACK/Blackshades v 5.4 Private/data/profiles/alina.bss
RATS PACK/Blackshades v 5.4 Private/data/profiles/test.bss
RATS PACK/Blackshades v 5.4 Private/data/skins/Luna Royale.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/Mint.msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/Orion.msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/areao4 (2).msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-brown.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-flashy-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-grey.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-light-gray.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-lines.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-mac-osx.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-office2k7.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-simple-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-smooth.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/skins/bss-xpryoal.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

Actual PE Digest

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/station.bin
.exe windows:4 windows x86 arch:x86

17887a44650fddb784069b34a95f3f62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord694
MethCallEngine
EVENT_SINK_Invoke
ord621
ord518
ord666
Zombie_GetTypeInfo
ord592
ord631
ord525
EVENT_SINK_AddRef
ord561
DllFunctionCall
ord563
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
ord713
ord608
ord717
ord319
ProcCallEngine
ord537
ord644
ord648
ord681
ord576
ord578
ord685
ord100
ord579
ord320
ord321
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/stub.bin
.exe windows:4 windows x86 arch:x86

2f6a6a37a2da00392a1f4c8deb3bc7be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord300
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord306
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/data/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/data/web/countries.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/ddos.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/ddosfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/ddosstats.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/dload.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/dloadfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/full.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/login.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/loginfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/main.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/os.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/pws.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/settings.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/unauth.bss
.html
RATS PACK/Blackshades v 5.4 Private/data/web/users.txt
RATS PACK/Blackshades v 5.4 Private/msvbvm60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ce5958d8adf86078d58c0c6f95621ee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
OpenFile
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetCurrentProcessId
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
lstrcpynA
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
HeapSize
lstrlenA

user32

DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
EnumWindows
EnumChildWindows
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeDisconnect
DdeConnect
DdeSetUserHandle
DdeNameService
DdeCreateStringHandleA
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DdeQueryConvInfo
DdeQueryStringA
DdeFreeDataHandle
SetScrollRange
SetScrollPos
DrawFrameControl
LockWindowUpdate
CharLowerBuffA
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetCaretBlinkTime
SetCaretPos
GetWindowTextLengthA
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetScrollPos
GetClipboardFormatNameA
DrawTextExA
SetWindowRgn
ToAscii
CreateAcceleratorTableA
DestroyAcceleratorTable
ShowScrollBar
GetScrollInfo
GetLastActivePopup
GetMenuItemInfoA
SetMenuItemInfoA
SetKeyboardState
GetKeyboardState
GetQueueStatus
GetDoubleClickTime
SetWindowContextHelpId
TrackPopupMenu
SetMenuDefaultItem
DrawMenuBar
DeleteMenu
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenu
SetMenu
CreateMenu
ModifyMenuA
CheckMenuItem
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
PostThreadMessageA
VkKeyScanA
CharLowerA
DrawIcon
MessageBoxIndirectA
DialogBoxParamA
IsCharAlphaA
EnumThreadWindows
SetScrollInfo

gdi32

RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
CreateCompatibleBitmap
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateCompatibleDC
SetViewportOrgEx
BitBlt
DeleteDC
IntersectClipRect
OffsetWindowOrgEx
SelectClipRgn
SelectPalette
CreatePalette
PtInRegion
OffsetRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreatePen
CreateHatchBrush
UnrealizeObject
CreateSolidBrush
EndPage
DeleteObject

advapi32

RegQueryInfoKeyA
RegCreateKeyW
RegQueryValueExW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
BindMoniker
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad
CoLockObjectExternal

oleaut32

OleTranslateColor
OleCreatePropertyFrame
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
OleCreatePictureIndirect
SysAllocStringByteLen
OaBuildVersion
SysAllocStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantCopyInd
SafeArrayDestroyData
VariantChangeTypeEx
CreateDispTypeInfo
DispGetIDsOfNames
DispInvoke
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy
OleIconToCursor
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayLock
SafeArrayUnlock
VarDateFromStr
SysReAllocStringLen
GetActiveObject
VarR8FromStr
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
SysReAllocString
LHashValOfNameSysA
SysStringLen

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/remote database viewer/README.txt
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/Connections/.DS_Store
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/Connections/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/Connections/bssnet.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/dataTables.scrollingPagination.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/editable_ajax.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/jquery.dataTables.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/jquery.jeditable.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/jquery.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/jquery.quicksearch.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/SpryAssets/xpath.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/cddel.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/cdkey.php
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/conn.php
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/conndel.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/demo_page.css
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/demo_table.css
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/menu_style.css
.html
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/oneColLiqCtrHdr.css
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/css/style.css
.html
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/b-content3.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/bottom3.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/bottom_bar2.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/button2.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/button3.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/content2.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/copy document.psd
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/copy.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/copy_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/csv.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/csv_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/current-bg.gif
.gif
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/details_close.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/details_open.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/file_types.psd
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/menu-bg.gif
.gif
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/menu6.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/print.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/print_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/printer.psd
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/top.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/x.gif
.gif
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/x.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/xls.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/images/xls_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/index.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/keylog.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/as3/ZeroClipboard.as
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/as3/ZeroClipboardPdf.as
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/as3/lib/AlivePDF.swc
.zip
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/css/TableTools.css
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/css/TableTools_JUI.css
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/background.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/collection.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/collection_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/copy.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/copy_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/csv.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/csv_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/pdf.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/pdf_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/print.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/print_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/xls.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/images/xls_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/js/TableTools.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/js/TableTools.min.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/js/TableTools.min.js.gz
.gz
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/js/ZeroClipboard.js
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/js/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/swf/copy_cvs_xls.swf
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/media/swf/copy_cvs_xls_pdf.swf
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/pws.php
.js
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/pwsdel.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/rev.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/_notes/spryconn.php.mno
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/_notes/sprykl.php.mno
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/_notes/sprypws.php.mno
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/server_cdk.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/server_conn.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/server_pws.php
RATS PACK/Blackshades v 5.4 Private/remote database viewer/dbview/xml/server_pwsedit.php
RATS PACK/Blackshades v 5.4 Private/setup/CoolPlayer.exe
.exe windows:5 windows x86 arch:x86

e731a0eb5a871c8e2bac936ab9cfdd3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

Imports

comctl32

ord17

kernel32

SetFileAttributesW
GetFullPathNameA
MoveFileA
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
SetFileAttributesA
GetNumberFormatA
lstrcmpiA
GetProcAddress
DosDateTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
GetModuleFileNameW
SetEnvironmentVariableA
GetCommandLineA
LocalFileTimeToFileTime
SystemTimeToFileTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetFileTime
GetStdHandle
ReadFile
SetLastError
CreateFileW
CreateFileA
GetFileType
SetFilePointer
CloseHandle
SetEndOfFile
GetLastError
GetLocaleInfoA

user32

OemToCharBuffA
CharLowerA
wvsprintfA
FindWindowExA
GetClassNameA
ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
CharToOemBuffA
CharToOemA
OemToCharA
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DestroyWindow
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
LoadStringA
SetWindowPos
GetWindowTextA
GetSystemMetrics
GetWindow
CharUpperA
GetWindowRect
LoadIconA
GetParent
EnableWindow
DispatchMessageA

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/setup/IPconfig.bat
RATS PACK/Blackshades v 5.4 Private/setup/PassPort.msi
.msi
RATS PACK/Blackshades v 5.4 Private/setup/Server5.4.exe
.exe windows:4 windows x86 arch:x86

b876114877b29a61f9955d83081f159a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord516

Sections

.MPRESS1
Size: 25KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/setup/host_script.bat
RATS PACK/Blackshades v 5.4 Private/setup/hosts_editor.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/setup/passPort-run.bat
RATS PACK/Blackshades v 5.4 Private/setup/passPort.bat
RATS PACK/Blackshades v 5.4 Private/setup/version.txt
RATS PACK/Blackshades v 5.4 Private/skci/Blackshades NET Setup Tutorial.pdf
.pdf
RATS PACK/Blackshades v 5.4 Private/skci/Blackshades NET User Guide.pdf
.pdf
RATS PACK/Blackshades v 5.4 Private/skci/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/LICENCE.dat
.zip
RATS PACK/Blackshades v 5.4 Private/skci/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/Logs/RAZZAK^razzak-DCDCE7E3.txt
RATS PACK/Blackshades v 5.4 Private/skci/Read Me.txt
RATS PACK/Blackshades v 5.4 Private/skci/Thumbs.db
RATS PACK/Blackshades v 5.4 Private/skci/bs5.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

�'��H͹X�}V,;�]zUǳԨ77��|��DY�R%��EqY��@߲�N�ܗ,Ac�{��4�:&�}Sz '2�A]d�]��2 d X�8tġEiԻ��̦��6�B��xX&��bj�ѐ�ZvD�۽�ʓL�R�&��"!K��>E��$�E=��̰�_��S13D'�dY�4ʌ�Vl7_��%Cg�9�-��Ch,ϗ��:�ER��b�`�A�\':��:�@�Hh��li�><�t�`��|(�Ir>�/��!P� �z��K��3��a��o?X��sy��4��SK�|�z�U��10�|�R:�^�a��ŝG�:H �L�� i�&K�C��_"7=Sg��D8w��|�$��`;eA�];�b>�IC�% ��w��~Q�e��x~�`>��41��-�X|0�¸�E�^ t��L��dZ��h�"��CǝOU+��tq��}.Pa��|�D��-!p��8\�)�I5�/ўX��H�DaC{�CB{�&<��>ߞs�ɢ�=,h��C6K0��@p^�:�%��3�4�N��[�B��%�9�)?3��U��Ӻ�^� �F^��҆N��9�G#��'��ź;f�mnPv-V��2Ц!0��2O]�$Q$�� -�Ѭ��#��l6�X��=�� "PY��R�A��"��H&�x�Ѐj �P4��K��@aYŬ0ʲm��:�* �=�T5��A q�Ry5�� ^?]�Hz� @T}�`�*!�2Ҿ��Z=ߛ��=�=��Y^|o7��?��7cP˘~$`�O��4�4C�-�e�W��ݘ�f��{:bGY��~n�C�*��*�F{Z��TG�Ӭ�iu��Ҁ ŖH�ߟ#��ZCi�j�۫Zѽ�o8<�M7� ��mݾc�Љ3��;�<#��Y��Ls"C�BΦ��l��O�L#��2~�"ED��$��.q�^�l�5��b�D��2M�E��i�|��5s��b0��/r�f��r��^ӽ&�%"�PV4&0x��c��<��U�Vp2�<ے�:�ã�*@$�%f�w!U�0Z�_�5�ש�B)?M��0�j��<�Q*,j�͗��z��~ʫ|۞@��h<��TSK�� t�U��^�;K��We�� 2�s��eӲ�J��Ғ��l�-��1�^h��x�C�ٶ��{N@��WE[��Hm�xv㮆��<%�l_��>�P+��6K[n�ɣ#'j��g�u��1�#\�y��$��@��&�h��A�L��=��y'��=�$ɢ?te�,aK��Rt ��\��6��I�ҩ�g�,��f��ڂQ��D��.U��!��Z��[dQ��E��$��yh�j��d�h.�� o'��*A�8�.��Y��M\�� Q#t�W�G�CZ�#�{zX��-�?&�Ps.�?\��\PQ9�26H�6��L�,4��$�x��Jo'��f�j8n��G��nv��E#�)G�1*'y��#�/�g%m��|l�r��.8�/c�2��t��X�'��n2Եj��t^�{�cs֡>t]5{]��H�8�ҿ��|�Q刍�z~+�T�(=_�g-+o�W�=,< �Q��{ ��tGP.�5k��i�4��3W�,*�p�S�J��d ��Cʶ�.��9~>��]��.��8��bS+�8鈭�0.D�6��:v#�6�2m��jА��@�2��6��.#��D0 ��ס��I��u'Ir��Z��|��e�[d�+D-C��ǿ��Д+k�F�7��V�~iY��z268E��.��\uL+��/}��Yw�3n��>:#��jv�� Q=j�X�̽4��v3��,�<��L��]k��MB�t*�",��9�+��h�2/��Tk$�HGQ�>�8�R[�V�e�m9��ժ�{��c<}y<�Xy�U��r��Jz�;r�f��m�/k�^_�l��ܣ 3_�]��Z�S�iYe��|j�[��d�S��@}%��j"I`_�7=1��\��53�Zbx"��f'cIʞ+~LR�-e�Ov�uT�7}�`�g��t?��z��K�0�k)00��s��f�^��n�Y3`��B�elY��E��֓�#��[�Hj4FC��PQ*^�/?��#+Sp��Y!x=5�(��N=x��0��|p�>�ح��{��i��v��o1 �"��Y�^K� �xw��1pp��\mV} �f� ��D,�hΞ��r4^��<�D�rB��/�]~4��,�@�qX�_Zk)�P%[� E��\�w|�H<�R�Ě݌�©��B �?z�k0YC�`�,��)��w�ç ��2��U,/_ߔc��dԪ��I��/�#�#.CcJ l��1�*@�u��"F�&z��W��S/vY�G�Yf�Ob��x�k kLX��t3�vWq�6̭G��tdF 6��BV��e?��u��rB��|ʙ:��)�0<�i1a��I� �b��*V�u3Y7��a�5(�k$1��ξ6tw�p��k�O�a��=CW�;&�A��92δ`جIz��W��LrП��ϞW�#\B�v��szl�o~��QŶ�<��m�t}.(D :ٝd �yX9�㡵V�f�l�P�@%��m��E5�!�6U��>H�z�<��u�ń��T�v��y�!qy�aZ��5x��b)[!�"n =Ҩ)MR�`�O7M�i�J�;q�e`r��Th�O��a�vL��T��.K��%��_@ �� $�|�!`!xN��Aq��12�}S�� W�_B��"��kk� {fd� ��@A��p��Bʨ2U�ԩDC��oT<,�;�Ϧ�v�t,��ʏ��V RV�Yq�iЇ�+2�� `� �ܝ��|?BJt�p�V��>N,Qńd>qֹ��~�A*KG��KqWq� � Rd�vW��Z��_G��x��_�u3��F��N�%�\�Kb�Ǘރ;a��1��V?�{=㍆��b��[e��%ðV&�V�'��1v�\��3� 9��E}ġ�FU��09��o0&�u^��;z�:�b��e�%��C�Z'�B�i��0�N`��{U�K��k��"��%��1��J��S&vқT�p�(�MD��7�?^��ntܬ ��b� �κ��_R��柤Q<��N��o��F̞Ւ"�D� l��&l$��F��p�P+D��P8U�g6|��H�1�hkB�v�,hL��mYᛍ��x�y�D�}��땽T��/K�<��$h|N�ø��l$�Y��_�@��(�:,��+�R'}3��(�٢;��[��4�ՕTb�:9;j��+�w�(��~H*yj��]�#�Ei�vd��=��6�^�@1��G7�Mn��A�˗syv�Sx��?cW�

Sections

Size: 658KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 460.7MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/skci/client.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 1.2MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mozzvlzv
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jwiegmjg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/skci/client.ini
RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~1.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/CODEJO~3.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/Codejock.Controls.Unicode.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

Actual PE Digest

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5436
ord6379
ord6390
ord4215
ord2576
ord3649
ord2430
ord1173
ord6193
ord6375
ord6376
ord6211
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord6153
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5047
ord1787
ord2567
ord4390
ord3397
ord3569
ord609
ord4279
ord4118
ord3084
ord6166
ord6871
ord5781
ord940
ord1147
ord6654
ord1137
ord3605
ord656
ord765
ord6456
ord4474
ord3087
ord2637
ord2100
ord6373
ord2070
ord6195
ord3716
ord795
ord2108
ord6655
ord3693
ord3952
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord3714
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2706
ord6004
ord6896
ord2293
ord668
ord2762
ord356
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord3257
ord812
ord1088
ord5858
ord5606
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord1083
ord501
ord1113
ord1112
ord5446
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord801
ord541
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
fseek
_fstat
_wfopen
fclose
ftell
fgetws
isprint
swprintf
isxdigit
qsort
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
wcschr
ceil
wcsrchr
_wcsdup
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

IsDBCSLeadByte
lstrcpyW
InterlockedDecrement
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
GetScrollPos
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
GetWindowPlacement
ShowWindow
DrawTextW
LoadIconW
DeferWindowPos
BeginDeferWindowPos
CreateAcceleratorTableW
wsprintfW
GetDlgItem
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
GrayStringW
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetClassLongW
SetClassLongW
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
DestroyAcceleratorTable
UnionRect
TranslateMessage
HideCaret
WinHelpW
OpenClipboard
VkKeyScanW
GetDoubleClickTime
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
EndDeferWindowPos
DestroyCaret
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
OffsetRect
EnableWindow

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
CombineRgn
GetClipBox
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetBkMode
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SafeArrayCreate

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/Codejock.SkinFramework.v12.0.2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

b97546b32de3f20f9d20a53cbd559da6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64
Signer

Actual PE Digest

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5825
ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord6877
ord5572
ord2915
ord2818
ord540
ord939
ord924
ord537
ord1168
ord1567
ord665
ord5442
ord353
ord268
ord6874
ord535
ord3262
ord1206
ord1223
ord2486
ord3237
ord860
ord1601
ord858
ord4278
ord5683
ord2514
ord2385
ord6374
ord4627
ord640
ord4160
ord2450
ord6199
ord1640
ord323
ord641
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord1140
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord5575
ord3525
ord433
ord861
ord539
ord674
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord3571
ord3626
ord4668
ord1146
ord5314
ord324
ord6030
ord1269
ord3663
ord941
ord668
ord5710
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4277
ord2763
ord2614
ord4624
ord6282
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord567
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord3318
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord2567
ord1270
ord3402
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord755
ord470
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord4081
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord3080
ord3376
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord1693
ord2439
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord4129
ord4667
ord3530
ord1877
ord1133
ord2414
ord1641
ord1099
ord2864
ord562
ord1113
ord816
ord3258
ord1114
ord4021
ord823
ord2729
ord2730
ord2727
ord4003
ord614

msvcrt

_CxxThrowException
_ftol
_mbsrchr
_strdup
free
_mbscmp
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
atoi
__CxxFrameHandler
malloc
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
lstrcpyA
GetFileAttributesA
MulDiv
lstrlenA
EnterCriticalSection
LocalAlloc

user32

GetClientRect
SetRectEmpty
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
LoadBitmapA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
AdjustWindowRectEx
EnableWindow
SetTimer
KillTimer
GetKeyState
SetRect
CopyRect
OffsetRect
InflateRect
ReleaseCapture
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
GetSystemMenu
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
MoveWindow
DispatchMessageA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenu
GetMenuItemCount
IsWindowVisible
GetDoubleClickTime
RegisterClassA
TranslateMessage
SetWindowRgn
SetClassLongA
GetFocus
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
RegisterClassW
DrawEdge
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageA
IsWindow
ClientToScreen

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/IPList.dat
RATS PACK/Blackshades v 5.4 Private/skci/data/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSCOMCTL.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSDATGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSDATGRD.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSInet.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09-04-1996 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16-11-1999 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04-04-2000 00:00

Not After

17-04-2001 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/RICHTX32.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/Registrator.exe
.exe windows:4 windows x86 arch:x86

7e753ff681654f6baf71d608521060db

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer

Actual PE Digest

ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord800
ord2514
ord2764
ord537
ord1205
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord1089
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord535
ord860
ord540
ord1168
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord858
ord1146
ord567
ord2358
ord2302
ord6215
ord5949
ord6199
ord3998
ord2614
ord4277
ord4129
ord6648
ord3092
ord4160
ord2863
ord668
ord2642
ord3178
ord2781
ord2770
ord924
ord356
ord6334
ord2379
ord755
ord470
ord3181
ord6907
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm

kernel32

GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA

user32

GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/SetupOCX.bat
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/1.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/10.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/100.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/101.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/102.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/103.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/104.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/105.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/106.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/107.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/108.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/109.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/11.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/110.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/111.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/112.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/113.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/114.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/115.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/116.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/117.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/118.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/119.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/12.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/120.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/121.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/122.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/123.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/124.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/125.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/126.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/127.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/128.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/129.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/13.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/130.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/131.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/132.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/133.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/134.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/135.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/136.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/137.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/138.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/139.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/14.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/140.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/141.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/142.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/143.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/144.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/145.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/146.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/147.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/148.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/149.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/15.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/150.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/151.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/152.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/153.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/154.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/155.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/156.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/157.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/158.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/159.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/16.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/160.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/161.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/162.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/163.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/164.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/165.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/166.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/167.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/168.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/169.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/17.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/170.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/171.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/172.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/173.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/174.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/175.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/176.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/177.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/178.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/179.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/18.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/180.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/181.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/182.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/183.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/184.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/185.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/186.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/187.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/188.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/189.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/19.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/190.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/191.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/192.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/193.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/194.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/195.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/196.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/197.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/198.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/199.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/2.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/20.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/200.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/201.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/202.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/203.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/204.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/205.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/206.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/207.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/208.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/209.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/21.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/210.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/211.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/212.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/213.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/214.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/215.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/216.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/217.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/218.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/219.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/22.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/220.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/221.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/222.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/223.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/224.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/225.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/226.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/227.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/228.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/229.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/23.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/230.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/231.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/232.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/233.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/234.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/235.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/236.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/237.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/238.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/239.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/24.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/240.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/241.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/25.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/26.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/27.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/28.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/29.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/3.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/30.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/31.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/32.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/33.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/34.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/35.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/36.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/37.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/38.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/39.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/4.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/40.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/41.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/42.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/43.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/44.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/45.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/46.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/47.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/48.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/49.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/5.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/50.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/51.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/52.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/53.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/54.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/55.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/56.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/57.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/58.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/59.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/6.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/60.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/61.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/62.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/63.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/64.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/65.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/66.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/67.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/68.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/69.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/7.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/70.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/71.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/72.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/73.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/74.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/75.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/76.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/77.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/78.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/79.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/8.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/80.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/81.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/82.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/83.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/84.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/85.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/86.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/87.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/88.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/89.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/9.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/90.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/91.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/92.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/93.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/94.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/95.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/96.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/97.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/98.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/99.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/basic.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/connections.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/group.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/misc.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/star.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/user.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/icons/user_gray.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/data/mswinsck.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/dos_sock.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/nir_cmd.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/pws_cdk.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/pws_chro.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/pws_ff.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/pws_mail.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/plugins/pws_mess.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/profiles/Default.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/profiles/alina.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/profiles/test.bss
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Luna Royale.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Mint.msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/Orion.msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/areao4 (2).msstyles
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-brown.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-flashy-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-grey.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-light-gray.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-lines.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-mac-osx.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-office2k7.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-simple-black.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-smooth.skn
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/skins/bss-xpryoal.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

Actual PE Digest

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/station.bin
.exe windows:4 windows x86 arch:x86

17887a44650fddb784069b34a95f3f62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord694
MethCallEngine
EVENT_SINK_Invoke
ord621
ord518
ord666
Zombie_GetTypeInfo
ord592
ord631
ord525
EVENT_SINK_AddRef
ord561
DllFunctionCall
ord563
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
ord713
ord608
ord717
ord319
ProcCallEngine
ord537
ord644
ord648
ord681
ord576
ord578
ord685
ord100
ord579
ord320
ord321
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/stub.bin
.exe windows:4 windows x86 arch:x86

2f6a6a37a2da00392a1f4c8deb3bc7be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord300
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord306
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/data/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/skci/data/web/countries.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/ddos.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/ddosfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/ddosstats.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/dload.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/dloadfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/full.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/login.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/loginfail.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/main.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/os.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/pws.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/settings.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/unauth.bss
.html
RATS PACK/Blackshades v 5.4 Private/skci/data/web/users.txt
RATS PACK/Blackshades v 5.4 Private/skci/msvbvm60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ce5958d8adf86078d58c0c6f95621ee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
OpenFile
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetCurrentProcessId
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
lstrcpynA
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
HeapSize
lstrlenA

user32

DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
EnumWindows
EnumChildWindows
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeDisconnect
DdeConnect
DdeSetUserHandle
DdeNameService
DdeCreateStringHandleA
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DdeQueryConvInfo
DdeQueryStringA
DdeFreeDataHandle
SetScrollRange
SetScrollPos
DrawFrameControl
LockWindowUpdate
CharLowerBuffA
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetCaretBlinkTime
SetCaretPos
GetWindowTextLengthA
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetScrollPos
GetClipboardFormatNameA
DrawTextExA
SetWindowRgn
ToAscii
CreateAcceleratorTableA
DestroyAcceleratorTable
ShowScrollBar
GetScrollInfo
GetLastActivePopup
GetMenuItemInfoA
SetMenuItemInfoA
SetKeyboardState
GetKeyboardState
GetQueueStatus
GetDoubleClickTime
SetWindowContextHelpId
TrackPopupMenu
SetMenuDefaultItem
DrawMenuBar
DeleteMenu
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenu
SetMenu
CreateMenu
ModifyMenuA
CheckMenuItem
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
PostThreadMessageA
VkKeyScanA
CharLowerA
DrawIcon
MessageBoxIndirectA
DialogBoxParamA
IsCharAlphaA
EnumThreadWindows
SetScrollInfo

gdi32

RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
CreateCompatibleBitmap
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateCompatibleDC
SetViewportOrgEx
BitBlt
DeleteDC
IntersectClipRect
OffsetWindowOrgEx
SelectClipRgn
SelectPalette
CreatePalette
PtInRegion
OffsetRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreatePen
CreateHatchBrush
UnrealizeObject
CreateSolidBrush
EndPage
DeleteObject

advapi32

RegQueryInfoKeyA
RegCreateKeyW
RegQueryValueExW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
BindMoniker
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad
CoLockObjectExternal

oleaut32

OleTranslateColor
OleCreatePropertyFrame
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
OleCreatePictureIndirect
SysAllocStringByteLen
OaBuildVersion
SysAllocStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantCopyInd
SafeArrayDestroyData
VariantChangeTypeEx
CreateDispTypeInfo
DispGetIDsOfNames
DispInvoke
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy
OleIconToCursor
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayLock
SafeArrayUnlock
VarDateFromStr
SysReAllocStringLen
GetActiveObject
VarR8FromStr
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
SysReAllocString
LHashValOfNameSysA
SysStringLen

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/README.txt
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/Connections/.DS_Store
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/Connections/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/Connections/bssnet.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/dataTables.scrollingPagination.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/editable_ajax.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/jquery.dataTables.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/jquery.jeditable.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/jquery.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/jquery.quicksearch.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/SpryAssets/xpath.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/cddel.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/cdkey.php
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/conn.php
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/conndel.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/demo_page.css
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/demo_table.css
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/menu_style.css
.html
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/oneColLiqCtrHdr.css
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/css/style.css
.html
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/b-content3.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/bottom3.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/bottom_bar2.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/button2.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/button3.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/content2.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/copy document.psd
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/copy.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/copy_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/csv.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/csv_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/current-bg.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/details_close.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/details_open.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/file_types.psd
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/menu-bg.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/menu6.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/print.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/print_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/printer.psd
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/top.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/x.gif
.gif
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/x.jpg
.jpg
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/xls.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/images/xls_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/index.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/keylog.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/as3/ZeroClipboard.as
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/as3/ZeroClipboardPdf.as
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/as3/lib/AlivePDF.swc
.zip
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/css/TableTools.css
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/css/TableTools_JUI.css
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/css/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/background.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/collection.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/collection_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/copy.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/copy_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/csv.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/csv_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/pdf.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/pdf_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/print.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/print_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/xls.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/images/xls_hover.png
.png
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/js/TableTools.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/js/TableTools.min.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/js/TableTools.min.js.gz
.gz
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/js/ZeroClipboard.js
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/js/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/swf/copy_cvs_xls.swf
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/media/swf/copy_cvs_xls_pdf.swf
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/pws.php
.js
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/pwsdel.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/rev.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/_notes/dwsync.xml
.xml
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/_notes/spryconn.php.mno
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/_notes/sprykl.php.mno
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/_notes/sprypws.php.mno
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/server_cdk.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/server_conn.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/server_pws.php
RATS PACK/Blackshades v 5.4 Private/skci/remote database viewer/dbview/xml/server_pwsedit.php
RATS PACK/Blackshades v 5.4 Private/skci/setup/CoolPlayer.exe
.exe windows:5 windows x86 arch:x86

e731a0eb5a871c8e2bac936ab9cfdd3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

Imports

comctl32

ord17

kernel32

SetFileAttributesW
GetFullPathNameA
MoveFileA
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
SetFileAttributesA
GetNumberFormatA
lstrcmpiA
GetProcAddress
DosDateTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
GetModuleFileNameW
SetEnvironmentVariableA
GetCommandLineA
LocalFileTimeToFileTime
SystemTimeToFileTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetFileTime
GetStdHandle
ReadFile
SetLastError
CreateFileW
CreateFileA
GetFileType
SetFilePointer
CloseHandle
SetEndOfFile
GetLastError
GetLocaleInfoA

user32

OemToCharBuffA
CharLowerA
wvsprintfA
FindWindowExA
GetClassNameA
ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
CharToOemBuffA
CharToOemA
OemToCharA
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DestroyWindow
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
LoadStringA
SetWindowPos
GetWindowTextA
GetSystemMetrics
GetWindow
CharUpperA
GetWindowRect
LoadIconA
GetParent
EnableWindow
DispatchMessageA

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/setup/IPconfig.bat
RATS PACK/Blackshades v 5.4 Private/skci/setup/PassPort.msi
.msi
RATS PACK/Blackshades v 5.4 Private/skci/setup/Server5.4.exe
.exe windows:4 windows x86 arch:x86

b876114877b29a61f9955d83081f159a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord516

Sections

.MPRESS1
Size: 25KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Blackshades v 5.4 Private/skci/setup/host_script.bat
RATS PACK/Blackshades v 5.4 Private/skci/setup/hosts_editor.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Blackshades v 5.4 Private/skci/setup/passPort-run.bat
RATS PACK/Blackshades v 5.4 Private/skci/setup/passPort.bat
RATS PACK/Blackshades v 5.4 Private/skci/setup/version.txt
RATS PACK/Blackshades v 5.4 Private/skci/sql/README.txt
RATS PACK/Blackshades v 5.4 Private/skci/sql/bssnet.sql
RATS PACK/Blackshades v 5.4 Private/sql/README.txt
RATS PACK/Blackshades v 5.4 Private/sql/bssnet.sql
RATS PACK/Cybergate 1.8/CyberGate_v1.18.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Cybergate 1.8/GeoIP.dat
RATS PACK/Cybergate 1.8/Language/Default.ini
RATS PACK/Cybergate 1.8/Profiles/New User.ini
RATS PACK/Cybergate 1.8/Profiles/youtube.ini
RATS PACK/Cybergate 1.8/README.txt
RATS PACK/Cybergate 1.8/Settings/Login.ini
RATS PACK/Cybergate 1.8/Settings/Settings.ini
RATS PACK/Cybergate 1.8/Settings/cgdll1.dll
RATS PACK/Cybergate 1.8/Settings/formssettings.ini
RATS PACK/Cybergate 1.8/Settings/groups.ini
RATS PACK/Cybergate 1.8/core/GeoIP.dat
RATS PACK/Cybergate 1.8/core/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Cybergate 1.8/core/LICENCE.dat
.zip
RATS PACK/Cybergate 1.8/core/Language/Default.ini
RATS PACK/Cybergate 1.8/core/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Cybergate 1.8/core/Profiles/New User.ini
RATS PACK/Cybergate 1.8/core/Profiles/youtube.ini
RATS PACK/Cybergate 1.8/core/README.txt
RATS PACK/Cybergate 1.8/core/Settings/Login.ini
RATS PACK/Cybergate 1.8/core/Settings/Settings.ini
RATS PACK/Cybergate 1.8/core/Settings/cgdll1.dll
RATS PACK/Cybergate 1.8/core/Settings/formssettings.ini
RATS PACK/Cybergate 1.8/core/Settings/groups.ini
RATS PACK/Cybergate 1.8/core/cybf.exe
.exe windows:5 windows x86 arch:x86

259f82fefbc256d03a7ce92944f83bc5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32 kernel32

GetCurrentProcess �

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
WaitForMultipleObjects
VirtualQuery
VirtualAlloc
UpdateResourceA
TerminateThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
EndUpdateResourceA
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
BeginUpdateResourceA
Sleep
GetVersionExW

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TabbedTextOutA
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetComboBoxInfo
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
AdjustTokenPrivileges

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
Polygon
PlayEnhMetaFile
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtCreateRegion
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt

ole32

CLSIDFromString
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation

wininet

InternetWriteFile
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpOpenFileA

urlmon

IsValidURL

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
ntohl
inet_ntoa
inet_addr

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutClose
PlaySoundA

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamSize
acmStreamClose
acmStreamOpen

ntdll

RtlIpv6AddressToStringW

iphlpapi

SetTcpEntry
GetUdpStatisticsEx
GetTcpStatisticsEx
GetIcmpStatisticsEx
GetIpStatisticsEx
GetExtendedUdpTable
GetExtendedTcpTable
GetIpForwardTable
GetIpNetTable
GetIpAddrTable
GetIfTable

ws2_32

getnameinfo

Sections

CODE
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CGDATA
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CGDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Cybergate 1.8/core/disclaimer.ini
RATS PACK/Cybergate 1.8/core/sound.wav
RATS PACK/Cybergate 1.8/disclaimer.ini
RATS PACK/Cybergate 1.8/sound.wav
RATS PACK/DarkComet Legacy/DarkComet_Full_setup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/Leaf.xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\leaf-xnet\Leaf.xNet\obj\Release\net452\Leaf.xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/RDXService.dll
.dll windows:10 windows x64 arch:x64

41fe2269dd6b4fc9e271773a5a81f94b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RDXService.pdb

Imports

msvcrt

memcmp
__crtLCMapStringA
__crtLCMapStringW
memmove
memcpy
sprintf_s
_wtof
wcstok_s
swprintf_s
_set_errno
_XcptFilter
_amsg_exit
??1bad_cast@@UEAA@XZ
_CxxThrowException
_initterm
_wcsdup
_itow_s
abort
islower
?what@exception@@UEBAPEBDXZ
_get_current_locale
calloc
isupper
__pctype_func
memset
__C_specific_handler
?terminate@@YAXXZ
_free_locale
_get_errno
_ismbblead
___lc_codepage_func
___lc_handle_func
wcsstr
_lock
_unlock
__dllonexit
___mb_cur_max_func
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
_errno
_onexit
memcpy_s
setlocale
toupper
wcschr
wcsrchr
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnicmp
??1type_info@@UEAA@XZ
ldiv
_wcsicmp
_vsnwprintf
??_V@YAXPEAX@Z
realloc
__CxxFrameHandler3
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
free
wcsncmp
sqrtf

propsys

PSCreateMemoryPropertyStore
PropVariantToBoolean
VariantToStringAlloc
VariantToInt32

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHDeleteValueW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Write
IStream_Size
SHCreateStreamOnFileEx

windows.storage

ShellExecuteExW
SHCreateItemFromParsingName
SHGetNameFromIDList
SHGetKnownFolderPath
ILClone
ord866

shcore

ord200

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoGetMalloc
CoTaskMemRealloc
CoTaskMemAlloc
CoReleaseServerProcess
CoRevokeClassObject
CoResumeClassObjects
CoSetProxyBlanket
CoAddRefServerProcess
CLSIDFromString
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoGetApartmentType
PropVariantClear
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoDisconnectObject
CoInitializeEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource
LockResource
FindResourceExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
CreateEventW
OpenEventW
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionEx
ResetEvent
DeleteCriticalSection
CreateMutexExW
ReleaseMutex
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
AcquireSRWLockShared
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegCopyTreeW
RegOpenCurrentUser
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessW
ResumeThread
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetLocaleInfoW
GetThreadUILanguage
FormatMessageW
GetGeoInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetTickCount

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-file-l1-1-0

CompareFileTime
DeleteFileW
FindClose
CreateDirectoryW
GetDriveTypeW
FindNextFileW
CreateFileW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSizeEx
SetFilePointerEx
FindFirstFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

InitializeAcl
AdjustTokenPrivileges
GetLengthSid
AddAce
DeleteAce
IsWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
EqualSid
GetAce
GetAclInformation
GetTokenInformation
DestroyPrivateObjectSecurity

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-appmodel-runtime-l1-1-0

PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromFullName
GetPackagesByPackageFamily

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

xmllite

CreateXmlWriter
CreateXmlReader

sspicli

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient8
ObjectStublessClient5
ObjectStublessClient3

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo

api-ms-win-shell-namespace-l1-1-0

SHParseDisplayName
ILFree

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord24
PathIsDirectoryEmptyW
StrFormatByteSizeEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpW
StrRChrW

ntdll

RtlGetDeviceFamilyInfoEnum
RtlGetVersion

api-ms-win-rtcore-ntuser-window-l1-1-0

SetWindowLongPtrW
RegisterClassExW
DefWindowProcW
GetWindowLongPtrW
GetMessageW
SetTimer
DestroyWindow
DispatchMessageW
TranslateMessage
PostQuitMessage
KillTimer
PeekMessageW
UnregisterClassW
CreateWindowExW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
PathRemoveBackslashW
PathFindExtensionW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

appxalluserstore

GetAllPackagesToBeInstalledForUser
DeleteAllPackagesFromMainPackageArray

dmenrollengine

EnrollEngineInitialize

wlanapi

WlanFreeMemory
WlanGetProfile
WlanCloseHandle
WlanOpenHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo
OpenRDXDocumentW
ServiceMain

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/LICENCE.dat
.zip
RATS PACK/DarkComet Legacy/data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/Leaf.xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\leaf-xnet\Leaf.xNet\obj\Release\net452\Leaf.xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/RDXService.dll
.dll windows:10 windows x64 arch:x64

41fe2269dd6b4fc9e271773a5a81f94b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RDXService.pdb

Imports

msvcrt

memcmp
__crtLCMapStringA
__crtLCMapStringW
memmove
memcpy
sprintf_s
_wtof
wcstok_s
swprintf_s
_set_errno
_XcptFilter
_amsg_exit
??1bad_cast@@UEAA@XZ
_CxxThrowException
_initterm
_wcsdup
_itow_s
abort
islower
?what@exception@@UEBAPEBDXZ
_get_current_locale
calloc
isupper
__pctype_func
memset
__C_specific_handler
?terminate@@YAXXZ
_free_locale
_get_errno
_ismbblead
___lc_codepage_func
___lc_handle_func
wcsstr
_lock
_unlock
__dllonexit
___mb_cur_max_func
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
_errno
_onexit
memcpy_s
setlocale
toupper
wcschr
wcsrchr
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnicmp
??1type_info@@UEAA@XZ
ldiv
_wcsicmp
_vsnwprintf
??_V@YAXPEAX@Z
realloc
__CxxFrameHandler3
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
free
wcsncmp
sqrtf

propsys

PSCreateMemoryPropertyStore
PropVariantToBoolean
VariantToStringAlloc
VariantToInt32

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHDeleteValueW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Write
IStream_Size
SHCreateStreamOnFileEx

windows.storage

ShellExecuteExW
SHCreateItemFromParsingName
SHGetNameFromIDList
SHGetKnownFolderPath
ILClone
ord866

shcore

ord200

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoGetMalloc
CoTaskMemRealloc
CoTaskMemAlloc
CoReleaseServerProcess
CoRevokeClassObject
CoResumeClassObjects
CoSetProxyBlanket
CoAddRefServerProcess
CLSIDFromString
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoGetApartmentType
PropVariantClear
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoDisconnectObject
CoInitializeEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource
LockResource
FindResourceExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
CreateEventW
OpenEventW
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionEx
ResetEvent
DeleteCriticalSection
CreateMutexExW
ReleaseMutex
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
AcquireSRWLockShared
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegCopyTreeW
RegOpenCurrentUser
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessW
ResumeThread
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetLocaleInfoW
GetThreadUILanguage
FormatMessageW
GetGeoInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetTickCount

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-file-l1-1-0

CompareFileTime
DeleteFileW
FindClose
CreateDirectoryW
GetDriveTypeW
FindNextFileW
CreateFileW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSizeEx
SetFilePointerEx
FindFirstFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

InitializeAcl
AdjustTokenPrivileges
GetLengthSid
AddAce
DeleteAce
IsWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
EqualSid
GetAce
GetAclInformation
GetTokenInformation
DestroyPrivateObjectSecurity

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-appmodel-runtime-l1-1-0

PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromFullName
GetPackagesByPackageFamily

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

xmllite

CreateXmlWriter
CreateXmlReader

sspicli

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient8
ObjectStublessClient5
ObjectStublessClient3

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo

api-ms-win-shell-namespace-l1-1-0

SHParseDisplayName
ILFree

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord24
PathIsDirectoryEmptyW
StrFormatByteSizeEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpW
StrRChrW

ntdll

RtlGetDeviceFamilyInfoEnum
RtlGetVersion

api-ms-win-rtcore-ntuser-window-l1-1-0

SetWindowLongPtrW
RegisterClassExW
DefWindowProcW
GetWindowLongPtrW
GetMessageW
SetTimer
DestroyWindow
DispatchMessageW
TranslateMessage
PostQuitMessage
KillTimer
PeekMessageW
UnregisterClassW
CreateWindowExW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
PathRemoveBackslashW
PathFindExtensionW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

appxalluserstore

GetAllPackagesToBeInstalledForUser
DeleteAllPackagesFromMainPackageArray

dmenrollengine

EnrollEngineInitialize

wlanapi

WlanFreeMemory
WlanGetProfile
WlanCloseHandle
WlanOpenHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo
OpenRDXDocumentW
ServiceMain

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/cdds.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/data/mf.dll
.dll windows:10 windows x64 arch:x64

719459db14d9cc3099d34aaeb3530c6a

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:49:8e:be:f2:6c:9c:39:ee:56:ff:63:51:67:de:96:40:1d:4c:c2:36:5b:f7:3a:dc:10:0b:79:b6:27:ed:6e
Signer

Actual PE Digest

a4:49:8e:be:f2:6c:9c:39:ee:56:ff:63:51:67:de:96:40:1d:4c:c2:36:5b:f7:3a:dc:10:0b:79:b6:27:ed:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mf.pdb

Imports

msvcrt

wcscat_s
strncpy_s
_wcsnicmp
wcsnlen
strnlen
_vsnwprintf
wcscpy_s
qsort
_wcsicmp
wcsncmp
memmove_s
realloc
_initterm
wcsncpy_s
malloc
_callnewh
__CxxFrameHandler3
free
__C_specific_handler
_errno
_lock
_amsg_exit
_XcptFilter
_unlock
wcsrchr
_purecall
__dllonexit
_onexit
memcpy_s
memchr
memcmp
memcpy
memmove
memset

ntdll

RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadResource
FindResourceExW
SizeofResource
FreeLibrary
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
InitializeCriticalSection
InitializeSRWLock
CreateEventW
SetEvent

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TlsSetValue
TlsGetValue
ProcessIdToSessionId

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualFree
UnmapViewOfFile
MapViewOfFile
VirtualAlloc

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFileSize
GetFullPathNameW
ReadFile
WriteFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathSkipRootW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

rpcrt4

UuidFromStringW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/DarkComet Legacy/mf.dll
.dll windows:10 windows x64 arch:x64

719459db14d9cc3099d34aaeb3530c6a

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:49:8e:be:f2:6c:9c:39:ee:56:ff:63:51:67:de:96:40:1d:4c:c2:36:5b:f7:3a:dc:10:0b:79:b6:27:ed:6e
Signer

Actual PE Digest

a4:49:8e:be:f2:6c:9c:39:ee:56:ff:63:51:67:de:96:40:1d:4c:c2:36:5b:f7:3a:dc:10:0b:79:b6:27:ed:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mf.pdb

Imports

msvcrt

wcscat_s
strncpy_s
_wcsnicmp
wcsnlen
strnlen
_vsnwprintf
wcscpy_s
qsort
_wcsicmp
wcsncmp
memmove_s
realloc
_initterm
wcsncpy_s
malloc
_callnewh
__CxxFrameHandler3
free
__C_specific_handler
_errno
_lock
_amsg_exit
_XcptFilter
_unlock
wcsrchr
_purecall
__dllonexit
_onexit
memcpy_s
memchr
memcmp
memcpy
memmove
memset

ntdll

RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadResource
FindResourceExW
SizeofResource
FreeLibrary
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
InitializeCriticalSection
InitializeSRWLock
CreateEventW
SetEvent

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TlsSetValue
TlsGetValue
ProcessIdToSessionId

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualFree
UnmapViewOfFile
MapViewOfFile
VirtualAlloc

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFileSize
GetFullPathNameW
ReadFile
WriteFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathSkipRootW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

rpcrt4

UuidFromStringW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Celesty.exe
.exe windows:5 windows x86 arch:x86

64c713842ab4b8dc212c3c8be646bf1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UpdateResourceW
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
EndUpdateResourceW
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventW
CompareStringW
CloseHandle
BeginUpdateResourceW
Sleep
SetFilePointer
ReadFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
HeapDestroy
HeapCreate
HeapAlloc
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject

msimg32

AlphaBlend

gdi32

WidenPath
UnrealizeObject
TextOutW
StrokePath
StrokeAndFillPath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetArcDirection
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtVisible
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetTextCharacterExtra
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragFinish
DragAcceptFiles

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 97KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/AR.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/EN.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/ES.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/FR.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/GR.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/IT.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/LV.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/NO.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/SE.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/SR.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/Lang/VN.ini
RATS PACK/Darkcomet 5.3.1/Celesty Binder/readme.txt
RATS PACK/Darkcomet 5.3.1/DarkComet.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/GeoIP.dat
RATS PACK/Darkcomet 5.3.1/Goodies/wallpaper_1.jpg
.jpg
RATS PACK/Darkcomet 5.3.1/Goodies/wallpaper_2.jpg
.jpg
RATS PACK/Darkcomet 5.3.1/Icons/againzip.ico
RATS PACK/Darkcomet 5.3.1/Icons/archive.ico
RATS PACK/Darkcomet 5.3.1/Icons/bittorrent.ico
RATS PACK/Darkcomet 5.3.1/Icons/chrome.ico
RATS PACK/Darkcomet 5.3.1/Icons/cubic.ico
RATS PACK/Darkcomet 5.3.1/Icons/emulefold.ico
RATS PACK/Darkcomet 5.3.1/Icons/facebook.ico
RATS PACK/Darkcomet 5.3.1/Icons/facedebook.ico
RATS PACK/Darkcomet 5.3.1/Icons/female.ico
RATS PACK/Darkcomet 5.3.1/Icons/ffox.ico
RATS PACK/Darkcomet 5.3.1/Icons/ffoxwhite.ico
RATS PACK/Darkcomet 5.3.1/Icons/girl.ico
RATS PACK/Darkcomet 5.3.1/Icons/heart.ico
RATS PACK/Darkcomet 5.3.1/Icons/idontknowlol.ico
RATS PACK/Darkcomet 5.3.1/Icons/limewire.ico
RATS PACK/Darkcomet 5.3.1/Icons/limwizearrow.ico
RATS PACK/Darkcomet 5.3.1/Icons/limy.ico
RATS PACK/Darkcomet 5.3.1/Icons/mov.ico
RATS PACK/Darkcomet 5.3.1/Icons/rar.ico
RATS PACK/Darkcomet 5.3.1/Icons/shareaza.ico
RATS PACK/Darkcomet 5.3.1/Icons/steam.ico
RATS PACK/Darkcomet 5.3.1/Icons/steamfag.ico
RATS PACK/Darkcomet 5.3.1/Icons/utorrent.ico
RATS PACK/Darkcomet 5.3.1/Icons/utorrent2.ico
RATS PACK/Darkcomet 5.3.1/Icons/utorrentfold.ico
RATS PACK/Darkcomet 5.3.1/Icons/viagrafemale.ico
RATS PACK/Darkcomet 5.3.1/Icons/win.ico
RATS PACK/Darkcomet 5.3.1/Icons/winfolder.ico
RATS PACK/Darkcomet 5.3.1/Icons/winmov.ico
RATS PACK/Darkcomet 5.3.1/Icons/wintool.ico
RATS PACK/Darkcomet 5.3.1/Icons/zipzip.ico
RATS PACK/Darkcomet 5.3.1/Plugins SRC/Edit Server Plugin Example/dc_msgbox.dpr
RATS PACK/Darkcomet 5.3.1/Plugins SRC/Edit Server Plugin Example/dc_msgbox.res
RATS PACK/Darkcomet 5.3.1/Spoof extensions/Spoofer.exe
.exe windows:5 windows x86 arch:x86

3522348ff9d086b792d82d1adbec5cc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
MoveFileW
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CopyFileW
CompareStringW
CloseHandle
Sleep
SetFilePointer
ReadFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
HeapDestroy
HeapCreate
HeapAlloc
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

Shell_NotifyIconW

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 172KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Celesty.exe
.exe windows:5 windows x86 arch:x86

64c713842ab4b8dc212c3c8be646bf1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UpdateResourceW
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
EndUpdateResourceW
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventW
CompareStringW
CloseHandle
BeginUpdateResourceW
Sleep
SetFilePointer
ReadFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
HeapDestroy
HeapCreate
HeapAlloc
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject

msimg32

AlphaBlend

gdi32

WidenPath
UnrealizeObject
TextOutW
StrokePath
StrokeAndFillPath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetArcDirection
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtVisible
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetTextCharacterExtra
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragFinish
DragAcceptFiles

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 97KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/AR.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/EN.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/ES.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/FR.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/GR.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/IT.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/LV.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/NO.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/SE.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/SR.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/Lang/VN.ini
RATS PACK/Darkcomet 5.3.1/cdp/Celesty Binder/readme.txt
RATS PACK/Darkcomet 5.3.1/cdp/GeoIP.dat
RATS PACK/Darkcomet 5.3.1/cdp/Goodies/wallpaper_1.jpg
.jpg
RATS PACK/Darkcomet 5.3.1/cdp/Goodies/wallpaper_2.jpg
.jpg
RATS PACK/Darkcomet 5.3.1/cdp/Icons/againzip.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/archive.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/bittorrent.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/chrome.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/cubic.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/emulefold.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/facebook.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/facedebook.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/female.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/ffox.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/ffoxwhite.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/girl.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/heart.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/idontknowlol.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/limewire.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/limwizearrow.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/limy.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/mov.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/rar.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/shareaza.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/steam.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/steamfag.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/utorrent.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/utorrent2.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/utorrentfold.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/viagrafemale.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/win.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/winfolder.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/winmov.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/wintool.ico
RATS PACK/Darkcomet 5.3.1/cdp/Icons/zipzip.ico
RATS PACK/Darkcomet 5.3.1/cdp/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/LICENCE.dat
.zip
RATS PACK/Darkcomet 5.3.1/cdp/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/Plugins SRC/Edit Server Plugin Example/dc_msgbox.dpr
RATS PACK/Darkcomet 5.3.1/cdp/Plugins SRC/Edit Server Plugin Example/dc_msgbox.res
RATS PACK/Darkcomet 5.3.1/cdp/Spoof extensions/Spoofer.exe
.exe windows:5 windows x86 arch:x86

3522348ff9d086b792d82d1adbec5cc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
MoveFileW
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CopyFileW
CompareStringW
CloseHandle
Sleep
SetFilePointer
ReadFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
HeapDestroy
HeapCreate
HeapAlloc
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

Shell_NotifyIconW

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 172KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/changelog.txt
RATS PACK/Darkcomet 5.3.1/cdp/comet.db
RATS PACK/Darkcomet 5.3.1/cdp/config.ini
RATS PACK/Darkcomet 5.3.1/cdp/dc.exe
.exe windows:5 windows x86 arch:x86

2494efc890c2356634d592bc26e3292b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
VariantInit
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
GetUserNameW

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
CharLowerA
CharUpperA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcmpW
_llseek
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UpdateResourceW
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryDosDeviceW
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
EndUpdateResourceW
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateMutexW
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
BeginUpdateResourceW
Beep
Sleep
SetFilePointer
ReadFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
Sleep
HeapDestroy
HeapCreate
HeapAlloc
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetCharABCWidthsA
GetCharABCWidthsW
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
GetRandomRgn

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

imm32

ImmSetCompositionWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

SHGetFileInfoW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
DragQueryPoint
DragQueryFileA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW

wininet

InternetWriteFile
InternetReadFile
InternetOpenUrlA
InternetOpenUrlW
InternetOpenA
InternetOpenW
InternetFindNextFileW
InternetConnectW
InternetCloseHandle
FtpGetFileSize
FtpRenameFileW
FtpRemoveDirectoryW
FtpPutFileW
FtpOpenFileW
FtpGetCurrentDirectoryW
FtpFindFirstFileW
FtpDeleteFileW
FtpCreateDirectoryW

urlmon

URLDownloadToFileW

comdlg32

FindTextW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
getprotobyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
send
select
recvfrom
recv
ntohs
ntohl
listen
ioctlsocket
inet_ntoa
inet_addr
htons
connect
closesocket
bind
accept

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutClose
timeGetTime
timeEndPeriod
timeBeginPeriod
sndPlaySoundW
PlaySoundW
mciSendStringW
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

sqlite3

sqlite3_create_collation
sqlite3_bind_parameter_index
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_text
sqlite3_bind_blob
sqlite3_backup_finish
sqlite3_backup_step
sqlite3_backup_init
sqlite3_reset
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_type
sqlite3_column_text
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_count
sqlite3_prepare_v2
sqlite3_prepare
sqlite3_total_changes
sqlite3_changes
sqlite3_busy_timeout
sqlite3_last_insert_rowid
sqlite3_free
sqlite3_errcode
sqlite3_errmsg
sqlite3_libversion
sqlite3_close
sqlite3_open

oleacc

LresultFromObject

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
acmFormatSuggest
acmFormatChooseA

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 101KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/cdp/readme_help.txt
RATS PACK/Darkcomet 5.3.1/cdp/skins/ClearLooks-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/ClearLooks-HUMAN.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Crystal Clear-CRCL1S.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/DarkComet.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Extensis-COPPER.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Extensis-EXTENSIS.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GNOME-Blue.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GNOME-Gray.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GNOME-Green.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GUIRelax-CINDER.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GUIRelax-SKYMAN.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/GUIRelax-SUBTLE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/LE4-BLACKC.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/LE4-DEFAULT.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Longhorn DWM-DWM.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Longhorn Slate-Plex-SLATE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Longhorn Style-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Luna (Longhorn Revolution)-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Luna (Longhorn Revolution)-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Luna (Longhorn Revolution)-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Luna (Longhorn Revolution)-NEON.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/MSN.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/MediaC-MEDIA1024.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Mollis-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/ONatural-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Office 2007.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/OpusOS-BLUEB2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/OpusOS-DEEP2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/OpusOS-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Plex Style-PLEX.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Plex Style-PLEXM6SVR.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/RoueGrey-SLIM.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/RoueOlive-SLIM.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/RoueSteel-SLIM.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Royale Glass-GRAPHITE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Royale Glass-INDIGO.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Royale1-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Royale1-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Royale1-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Samui-SAMUI.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Samui-SAMUI22.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Sustenance-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Sustenance-ERGO.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Sustenance-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Sustenance-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Sustenance-SLATE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/System4-BLACK2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/System4-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/TD 4-PANTHER.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/TangoXP-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/TangoXP-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Tiger-WINDOWB.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Tiger-WINDOWG.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Tiger2-TGR.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Tiger2-TGRPS.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/VistaXP-VISTAXPB2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/VistaXP-VISTAXPS2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Watercolor-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/Xplorer.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/corona-CORONA.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/corona-CORONA12.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/iTunes.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/luna-BLUE.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/luna-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/luna-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/macos.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxp05.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxp1.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxp2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxp3.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin03.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin10.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin11.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin13.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin14.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin15.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin16.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin17.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin18.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin19.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin20.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin21.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin22.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin23.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin24.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin25.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin26.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin27.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin28.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin29.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin30.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin31.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin32.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin33.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin35.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin36.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin37.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin38.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin39.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin41.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin42.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin43.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin44.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin45.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin46.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin47.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin48.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin49.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin50.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin51.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin53.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin54.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin55.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin56.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin57.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin58.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin59.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin61.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin63.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin64.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin65.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin66.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin68.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin71.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin8.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/mxskin9.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/office2003.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/solaris99.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/wmpx-XMP2.skn
RATS PACK/Darkcomet 5.3.1/cdp/skins/wmpx-XMPX3.skn
RATS PACK/Darkcomet 5.3.1/cdp/sqlite3.dll
.dll windows:5 windows x86 arch:x86

1b1a70babde0a2663fcc833b56850660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Darkcomet 5.3.1/changelog.txt
RATS PACK/Darkcomet 5.3.1/comet.db
RATS PACK/Darkcomet 5.3.1/config.ini
RATS PACK/Darkcomet 5.3.1/readme_help.txt
RATS PACK/Darkcomet 5.3.1/skins/ClearLooks-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/ClearLooks-HUMAN.skn
RATS PACK/Darkcomet 5.3.1/skins/Crystal Clear-CRCL1S.skn
RATS PACK/Darkcomet 5.3.1/skins/DarkComet.skn
RATS PACK/Darkcomet 5.3.1/skins/Extensis-COPPER.skn
RATS PACK/Darkcomet 5.3.1/skins/Extensis-EXTENSIS.skn
RATS PACK/Darkcomet 5.3.1/skins/GNOME-Blue.skn
RATS PACK/Darkcomet 5.3.1/skins/GNOME-Gray.skn
RATS PACK/Darkcomet 5.3.1/skins/GNOME-Green.skn
RATS PACK/Darkcomet 5.3.1/skins/GUIRelax-CINDER.skn
RATS PACK/Darkcomet 5.3.1/skins/GUIRelax-SKYMAN.skn
RATS PACK/Darkcomet 5.3.1/skins/GUIRelax-SUBTLE.skn
RATS PACK/Darkcomet 5.3.1/skins/LE4-BLACKC.skn
RATS PACK/Darkcomet 5.3.1/skins/LE4-DEFAULT.skn
RATS PACK/Darkcomet 5.3.1/skins/Longhorn DWM-DWM.skn
RATS PACK/Darkcomet 5.3.1/skins/Longhorn Slate-Plex-SLATE.skn
RATS PACK/Darkcomet 5.3.1/skins/Longhorn Style-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Luna (Longhorn Revolution)-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Luna (Longhorn Revolution)-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/skins/Luna (Longhorn Revolution)-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/skins/Luna (Longhorn Revolution)-NEON.skn
RATS PACK/Darkcomet 5.3.1/skins/MSN.skn
RATS PACK/Darkcomet 5.3.1/skins/MediaC-MEDIA1024.skn
RATS PACK/Darkcomet 5.3.1/skins/Mollis-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/ONatural-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Office 2007.skn
RATS PACK/Darkcomet 5.3.1/skins/OpusOS-BLUEB2.skn
RATS PACK/Darkcomet 5.3.1/skins/OpusOS-DEEP2.skn
RATS PACK/Darkcomet 5.3.1/skins/OpusOS-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/skins/Plex Style-PLEX.skn
RATS PACK/Darkcomet 5.3.1/skins/Plex Style-PLEXM6SVR.skn
RATS PACK/Darkcomet 5.3.1/skins/RoueGrey-SLIM.skn
RATS PACK/Darkcomet 5.3.1/skins/RoueOlive-SLIM.skn
RATS PACK/Darkcomet 5.3.1/skins/RoueSteel-SLIM.skn
RATS PACK/Darkcomet 5.3.1/skins/Royale Glass-GRAPHITE.skn
RATS PACK/Darkcomet 5.3.1/skins/Royale Glass-INDIGO.skn
RATS PACK/Darkcomet 5.3.1/skins/Royale1-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Royale1-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/skins/Royale1-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/skins/Samui-SAMUI.skn
RATS PACK/Darkcomet 5.3.1/skins/Samui-SAMUI22.skn
RATS PACK/Darkcomet 5.3.1/skins/Sustenance-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Sustenance-ERGO.skn
RATS PACK/Darkcomet 5.3.1/skins/Sustenance-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/skins/Sustenance-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/skins/Sustenance-SLATE.skn
RATS PACK/Darkcomet 5.3.1/skins/System4-BLACK2.skn
RATS PACK/Darkcomet 5.3.1/skins/System4-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/TD 4-PANTHER.skn
RATS PACK/Darkcomet 5.3.1/skins/TangoXP-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/TangoXP-OLIVE.skn
RATS PACK/Darkcomet 5.3.1/skins/Tiger-WINDOWB.skn
RATS PACK/Darkcomet 5.3.1/skins/Tiger-WINDOWG.skn
RATS PACK/Darkcomet 5.3.1/skins/Tiger2-TGR.skn
RATS PACK/Darkcomet 5.3.1/skins/Tiger2-TGRPS.skn
RATS PACK/Darkcomet 5.3.1/skins/VistaXP-VISTAXPB2.skn
RATS PACK/Darkcomet 5.3.1/skins/VistaXP-VISTAXPS2.skn
RATS PACK/Darkcomet 5.3.1/skins/Watercolor-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/Xplorer.skn
RATS PACK/Darkcomet 5.3.1/skins/corona-CORONA.skn
RATS PACK/Darkcomet 5.3.1/skins/corona-CORONA12.skn
RATS PACK/Darkcomet 5.3.1/skins/iTunes.skn
RATS PACK/Darkcomet 5.3.1/skins/luna-BLUE.skn
RATS PACK/Darkcomet 5.3.1/skins/luna-HOMESTEAD.skn
RATS PACK/Darkcomet 5.3.1/skins/luna-METALLIC.skn
RATS PACK/Darkcomet 5.3.1/skins/macos.skn
RATS PACK/Darkcomet 5.3.1/skins/mxp05.skn
RATS PACK/Darkcomet 5.3.1/skins/mxp1.skn
RATS PACK/Darkcomet 5.3.1/skins/mxp2.skn
RATS PACK/Darkcomet 5.3.1/skins/mxp3.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin03.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin10.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin11.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin13.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin14.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin15.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin16.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin17.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin18.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin19.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin2.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin20.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin21.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin22.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin23.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin24.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin25.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin26.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin27.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin28.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin29.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin30.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin31.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin32.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin33.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin35.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin36.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin37.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin38.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin39.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin41.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin42.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin43.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin44.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin45.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin46.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin47.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin48.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin49.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin50.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin51.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin53.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin54.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin55.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin56.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin57.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin58.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin59.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin61.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin63.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin64.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin65.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin66.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin68.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin71.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin8.skn
RATS PACK/Darkcomet 5.3.1/skins/mxskin9.skn
RATS PACK/Darkcomet 5.3.1/skins/office2003.skn
RATS PACK/Darkcomet 5.3.1/skins/solaris99.skn
RATS PACK/Darkcomet 5.3.1/skins/wmpx-XMP2.skn
RATS PACK/Darkcomet 5.3.1/skins/wmpx-XMPX3.skn
RATS PACK/Darkcomet 5.3.1/sqlite3.dll
.dll windows:5 windows x86 arch:x86

1b1a70babde0a2663fcc833b56850660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/HiveRAT Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/cc.dll
.dll windows:10 windows x64 arch:x64

e3d3af6e0b819e6e4e57a42ba9c239b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WSDApi.pdb

Imports

msvcrt

__dllonexit
_onexit
strncmp
_unlock
_wtol
_stricmp
vfwprintf_s
strcmp
fwprintf_s
_wfsopen
_wcserror
iswdigit
memset
_get_errno
fclose
_strnicmp
memcpy
time
memmove_s
wcstok_s
_callnewh
_XcptFilter
_amsg_exit
_vsnprintf
_initterm
tolower
free
_lock
__C_specific_handler
_purecall
wcsstr
wcsncmp
towlower
_wcsdup
_localtime64
_time64
_vsnwprintf
memcpy_s
_wcsnicmp
wcschr
malloc
_wcsicmp
memcmp
wcscmp

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwGetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolIo
CloseThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
StartThreadpoolIo
TrySubmitThreadpoolCallback
SetThreadpoolThreadMinimum
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolIo
WaitForThreadpoolIoCallbacks
CancelThreadpoolIo
CloseThreadpool
CreateThreadpool
WaitForThreadpoolTimerCallbacks
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSemaphore
ResetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
SetEvent
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSection
InitializeSRWLock
CreateWaitableTimerExW
CancelWaitableTimer
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SleepEx
ReleaseSRWLockShared
CreateEventW
WaitForMultipleObjectsEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

rpcrt4

UuidCreate
UuidFromStringA

ws2_32

htons
setsockopt
ntohs
WSASocketW
WSAStringToAddressW
getsockname
socket
WSAIoctl
closesocket
WSACleanup
GetAddrInfoW
FreeAddrInfoW
WSAAddressToStringW
WSASendTo
WSADuplicateSocketW
WSARecvFrom
shutdown
WSAStartup
WSAGetLastError
bind

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

iphlpapi

CancelMibChangeNotify2
GetBestRoute2
ConvertInterfaceGuidToLuid
GetAdaptersAddresses
NotifyUnicastIpAddressChange

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

nsi

NsiGetParameter

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

webservices

WsWriteChars
WsWriteEndAttribute
WsSetWriterPosition
WsGetWriterPosition
WsMoveWriter
WsWriteStartElement
WsWriteBytes
WsWriteEndElement
WsMoveReader
WsWriteXmlnsAttribute
WsWriteEndStartElement
WsWriteValue
WsWriteCharsUtf8
WsWriteText
WsReadStartElement
WsEndWriterCanonicalization
WsSetOutputToBuffer
WsGetWriterProperty
WsFreeReader
WsCopyNode
WsGetReaderNode
WsSetOutput
WsCreateWriter
WsSetInputToBuffer
WsCreateReader
WsFreeHeap
WsStartWriterCanonicalization
WsCreateXmlBuffer
WsCreateHeap
WsFreeWriter
WsWriteStartAttribute
WsReadBytes
WsReadChars
WsEndReaderCanonicalization
WsStartReaderCanonicalization
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsSkipNode
WsReadNode
WsSetInput
WsReadEndElement
WsReadToStartElement

firewallapi

FWGetConfig
FWQueryFirewallRules
IcfChangeNotificationDestroy
IsFirewallInCoExistanceMode
IcfChangeNotificationCreate
FWOpenPolicyStore
IcfAddrChangeNotificationCreate
FWFreeFirewallRules
FWClosePolicyStore
FWGetGlobalConfig
FWResetIndicatedTupleInUse
FWIndicateTupleInUse

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

WSDAddFirewallCheck
WSDAllocateLinkedMemory
WSDAttachLinkedMemory
WSDCancelNetworkChangeNotify
WSDCompareEndpoints
WSDCopyEndpoint
WSDCopyNameList
WSDCreateDeviceHost
WSDCreateDeviceHost2
WSDCreateDeviceHostAdvanced
WSDCreateDeviceProxy
WSDCreateDeviceProxy2
WSDCreateDeviceProxyAdvanced
WSDCreateDiscoveryProvider
WSDCreateDiscoveryProvider2
WSDCreateDiscoveryPublisher
WSDCreateDiscoveryPublisher2
WSDCreateHttpAddress
WSDCreateHttpMessageParameters
WSDCreateHttpTransport
WSDCreateMetadataAgent
WSDCreateOutboundAttachment
WSDCreateUdpAddress
WSDCreateUdpMessageParameters
WSDCreateUdpTransport
WSDDetachLinkedMemory
WSDFreeLinkedMemory
WSDGenerateFault
WSDGenerateFaultEx
WSDGenerateRandomDelay
WSDGetConfigurationOption
WSDNotifyNetworkChange
WSDProcessFault
WSDRemoveFirewallCheck
WSDSetConfigurationOption
WSDUriDecode
WSDUriEncode
WSDXMLAddChild
WSDXMLAddSibling
WSDXMLBuildAnyForSingleElement
WSDXMLCleanupElement
WSDXMLCompareNames
WSDXMLCreateContext
WSDXMLGetNameFromBuiltinNamespace
WSDXMLGetValueFromAny

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/comm.manifest
RATS PACK/HiveRAT Cracked/data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/data/LICENCE.dat
.zip
RATS PACK/HiveRAT Cracked/data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/data/RDXService.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/HiveRAT Cracked/svg.css
RATS PACK/Loki Rat/LokiRAT_Relapse.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/PHP Files/admin.php
RATS PACK/Loki Rat/PHP Files/bot.php
RATS PACK/Loki Rat/PHP Files/connected.php
RATS PACK/Loki Rat/PHP Files/database.sql
RATS PACK/Loki Rat/PHP Files/settings.php
RATS PACK/Loki Rat/SkinSoft.OSSkin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/LICENCE.dat
.zip
RATS PACK/Loki Rat/sas/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/PHP Files/admin.php
RATS PACK/Loki Rat/sas/PHP Files/bot.php
RATS PACK/Loki Rat/sas/PHP Files/connected.php
RATS PACK/Loki Rat/sas/PHP Files/database.sql
RATS PACK/Loki Rat/sas/PHP Files/settings.php
RATS PACK/Loki Rat/sas/SkinSoft.OSSkin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/lrr.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 495KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/Loki Rat/sas/sxs.dll
.dll windows:10 windows x64 arch:x64

d862fce5077dfe4e06485a219a56323d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:db:80:95:d3:07:16:df:f5:3c:e2:07:be:31:61:48:06:90:0a:e5:97:ed:58:88:bf:01:36:96:01:41:36:ad
Signer

Actual PE Digest

2e:db:80:95:d3:07:16:df:f5:3c:e2:07:be:31:61:48:06:90:0a:e5:97:ed:58:88:bf:01:36:96:01:41:36:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sxs.pdb

Imports

ntdll

DbgPrintEx
RtlRaiseStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDowncaseUnicodeChar
EtwEventUnregister
EtwEventWrite
__C_specific_handler
RtlCopyMappedMemory
LdrResSearchResource
wcstol
RtlGetVersion
_wcsicmp
RtlUnhandledExceptionFilter
_vsnprintf_s
_snprintf_s
RtlGetFrame
wcsrchr
RtlHashUnicodeString
RtlNtStatusToDosError
_vsnwprintf_s
RtlDetermineDosPathNameType_U
wcsstr
RtlIsNonEmptyDirectoryReparsePointAllowed
wcsspn
wcscspn
RtlGetNtSystemRoot
RtlNtStatusToDosErrorNoTeb
RtlFindCharInUnicodeString
vsprintf_s
vDbgPrintEx
wcscat_s
swprintf_s
NtQueryDebugFilterState
sprintf_s
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
qsort
bsearch
_lfind
RtlPopFrame
_i64tow
EtwEventRegister
wcschr
RtlFreeUnicodeString
RtlLcidToLocaleName
wcscpy_s
RtlPushFrame
memmove
__chkstk
memcmp
memcpy
memset

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
GetFileInformationByHandle
WriteFile
GetFileAttributesExW
GetFullPathNameW
CreateFileW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
SetFilePointerEx
ReadFile
FlushFileBuffers
FindFirstFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
GetSystemWow64DirectoryW
WerUnregisterFile
WerRegisterFile
LocalFree
SystemTimeToTzSpecificLocalTime
DeviceIoControl
FindActCtxSectionGuid
QueryActCtxW
FindActCtxSectionStringW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection

Exports

Exports

CreateAssemblyCache
CreateAssemblyNameObject
SxsBeginAssemblyInstall
SxsEndAssemblyInstall
SxsFindClrClassInformation
SxsFindClrSurrogateInformation
SxsGenerateActivationContext
SxsInstallW
SxsLookupClrGuid
SxsOleAut32MapConfiguredClsidToReferenceClsid
SxsOleAut32MapIIDOrCLSIDToTypeLibrary
SxsOleAut32MapIIDToProxyStubCLSID
SxsOleAut32MapIIDToTLBPath
SxsOleAut32MapReferenceClsidToConfiguredClsid
SxsOleAut32RedirectTypeLibrary
SxsProbeAssemblyInstallation
SxsQueryManifestInformation
SxsRunDllInstallAssembly
SxsRunDllInstallAssemblyW
SxsUninstallW
SxspGenerateManifestPathOnAssemblyIdentity

Sections

.text
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/sysmain.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e23fd95ffd3de1da386a5209635e7f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysmain.pdb

Imports

msvcrt

??3@YAXPEAX@Z
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_amsg_exit
free
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
strcmp
sqrt
powf
_callnewh
memset
malloc
_errno
wcstok
rand
_wtof
_wtoi
memmove_s
memcpy_s
memcmp
isprint
iswascii
towupper
_wcslwr
wcstoul
tolower
iswspace
wcsncmp
_strupr
_wcsupr_s
log
swscanf_s
wcsstr
_purecall
_wcsnicmp
feof
fgetws
wcschr
strnlen
strchr
strstr
_wfopen
_wcsupr
exp
_wcsicmp
memmove
srand
wcsnlen
bsearch
qsort
fclose
fopen
fprintf
_vsnprintf
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
__iob_func
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtReadFile
NtSetInformationFile
RtlRbInsertNodeEx
NtQueryValueKey
RtlGetPersistedStateLocation
RtlRandomEx
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
RtlFindLastBackwardRunClear
NtFreeVirtualMemory
NtSetInformationProcess
NtQueryDirectoryFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
DbgPrint
NtCreateKey
NtQueryInformationThread
RtlQueryWnfStateData
RtlDecompressBufferEx
RtlRbRemoveNode
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtEnumerateValueKey
NtQueryVirtualMemory
NtDeleteKey
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlNumberOfClearBitsInRange
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlGetSuiteMask
NtQueryLicenseValue
NtQueryInformationFile
RtlGetVersion
RtlImageNtHeader
NtDeviceIoControlFile
NtPowerInformation
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlComputeCrc32
NtSetSystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlNtStatusToDosError
NtClose
RtlQueryResourcePolicy

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
CreateEventW
WaitForSingleObject
AcquireSRWLockShared
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ResetEvent
DeleteCriticalSection
CreateMutexExW
CreateWaitableTimerExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockShared

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
CreateThread
CreateProcessW
GetThreadPriority
GetCurrentThreadId
OpenProcessToken
ResumeThread
GetCurrentThread
OpenThread
SetThreadPriority

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualFree
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
ImpersonateSelf
IsValidSid
EqualSid
ImpersonateLoggedOnUser
FreeSid
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-file-l1-1-0

FindNextVolumeW
FindFirstFileExW
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameW
FindFirstVolumeW
QueryDosDeviceW
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFileAttributesW
SetFilePointerEx
GetFileAttributesW
SetFilePointer
GetFileTime
CreateFileW
FindNextFileW
ReadFile
DeleteFileW
FindClose
CompareFileTime
GetFinalPathNameByHandleW
FindFirstFileW
GetFileSize
GetFileSizeEx
FlushFileBuffers
WriteFile
FindVolumeClose

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapCreate
HeapAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

rpcrt4

RpcBindingFromStringBindingW
RpcEpRegisterW
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringBindingComposeW
RpcServerUnregisterIfEx
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
NdrServerCallAll
RpcBindingToStringBindingW
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerInqBindings

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
CreateActCtxW

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister
PdcActivationClientActivityRequest

powrprof

PowerSettingRegisterNotificationEx
PowerClearUserAwayPrediction
PowerSetUserAwayPrediction

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AgGlLoad
AgPdLoad
AgTwLoad
CloseReadyBoostPerfData
CollectReadyBoostPerfData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
OpenReadyBoostPerfData
PfSvSysprepCleanup
PfSvUnattendCallback
PfSvWsSwapAssessmentTask
SysMtServiceMain

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sas/verifier.exe
.exe windows:10 windows x64 arch:x64

764666dda4c898a2706331fb42d3893d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Signer

Actual PE Digest

d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

verifier.pdb

Imports

msvcrt

memcmp
__wgetmainargs
_XcptFilter
_amsg_exit
__set_app_type
_wsetlocale
?terminate@@YAXXZ
_commode
_fmode
swprintf_s
wcscat_s
_wfullpath
wcschr
_wcsicmp
memcpy
wcsrchr
wcscpy_s
_ltow_s
_ultow_s
wcsstr
_vsnwprintf
memmove
__C_specific_handler
wcsnlen
exit
_initterm
_exit
memcpy_s
wcstok_s
malloc
free
wcsncat_s
bsearch
wcsncmp
_cexit
_wcsnicmp
__setusermatherr
memset

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetTickCount
GetSystemDirectoryW
GetVersionExW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
GetFileType
WriteFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

ntdll

RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlSetAllBits
RtlCopyUnicodeString
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
RtlUnicodeStringToInteger
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-security-lsalookup-ansi-l2-1-0

LookupPrivilegeValueA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegQueryValueExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sxs.dll
.dll windows:10 windows x64 arch:x64

d862fce5077dfe4e06485a219a56323d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:db:80:95:d3:07:16:df:f5:3c:e2:07:be:31:61:48:06:90:0a:e5:97:ed:58:88:bf:01:36:96:01:41:36:ad
Signer

Actual PE Digest

2e:db:80:95:d3:07:16:df:f5:3c:e2:07:be:31:61:48:06:90:0a:e5:97:ed:58:88:bf:01:36:96:01:41:36:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sxs.pdb

Imports

ntdll

DbgPrintEx
RtlRaiseStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDowncaseUnicodeChar
EtwEventUnregister
EtwEventWrite
__C_specific_handler
RtlCopyMappedMemory
LdrResSearchResource
wcstol
RtlGetVersion
_wcsicmp
RtlUnhandledExceptionFilter
_vsnprintf_s
_snprintf_s
RtlGetFrame
wcsrchr
RtlHashUnicodeString
RtlNtStatusToDosError
_vsnwprintf_s
RtlDetermineDosPathNameType_U
wcsstr
RtlIsNonEmptyDirectoryReparsePointAllowed
wcsspn
wcscspn
RtlGetNtSystemRoot
RtlNtStatusToDosErrorNoTeb
RtlFindCharInUnicodeString
vsprintf_s
vDbgPrintEx
wcscat_s
swprintf_s
NtQueryDebugFilterState
sprintf_s
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
qsort
bsearch
_lfind
RtlPopFrame
_i64tow
EtwEventRegister
wcschr
RtlFreeUnicodeString
RtlLcidToLocaleName
wcscpy_s
RtlPushFrame
memmove
__chkstk
memcmp
memcpy
memset

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
GetFileInformationByHandle
WriteFile
GetFileAttributesExW
GetFullPathNameW
CreateFileW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
SetFilePointerEx
ReadFile
FlushFileBuffers
FindFirstFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
GetSystemWow64DirectoryW
WerUnregisterFile
WerRegisterFile
LocalFree
SystemTimeToTzSpecificLocalTime
DeviceIoControl
FindActCtxSectionGuid
QueryActCtxW
FindActCtxSectionStringW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection

Exports

Exports

CreateAssemblyCache
CreateAssemblyNameObject
SxsBeginAssemblyInstall
SxsEndAssemblyInstall
SxsFindClrClassInformation
SxsFindClrSurrogateInformation
SxsGenerateActivationContext
SxsInstallW
SxsLookupClrGuid
SxsOleAut32MapConfiguredClsidToReferenceClsid
SxsOleAut32MapIIDOrCLSIDToTypeLibrary
SxsOleAut32MapIIDToProxyStubCLSID
SxsOleAut32MapIIDToTLBPath
SxsOleAut32MapReferenceClsidToConfiguredClsid
SxsOleAut32RedirectTypeLibrary
SxsProbeAssemblyInstallation
SxsQueryManifestInformation
SxsRunDllInstallAssembly
SxsRunDllInstallAssemblyW
SxsUninstallW
SxspGenerateManifestPathOnAssemblyIdentity

Sections

.text
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/sysmain.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e23fd95ffd3de1da386a5209635e7f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysmain.pdb

Imports

msvcrt

??3@YAXPEAX@Z
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_amsg_exit
free
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
strcmp
sqrt
powf
_callnewh
memset
malloc
_errno
wcstok
rand
_wtof
_wtoi
memmove_s
memcpy_s
memcmp
isprint
iswascii
towupper
_wcslwr
wcstoul
tolower
iswspace
wcsncmp
_strupr
_wcsupr_s
log
swscanf_s
wcsstr
_purecall
_wcsnicmp
feof
fgetws
wcschr
strnlen
strchr
strstr
_wfopen
_wcsupr
exp
_wcsicmp
memmove
srand
wcsnlen
bsearch
qsort
fclose
fopen
fprintf
_vsnprintf
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
__iob_func
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtReadFile
NtSetInformationFile
RtlRbInsertNodeEx
NtQueryValueKey
RtlGetPersistedStateLocation
RtlRandomEx
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
RtlFindLastBackwardRunClear
NtFreeVirtualMemory
NtSetInformationProcess
NtQueryDirectoryFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
DbgPrint
NtCreateKey
NtQueryInformationThread
RtlQueryWnfStateData
RtlDecompressBufferEx
RtlRbRemoveNode
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtEnumerateValueKey
NtQueryVirtualMemory
NtDeleteKey
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlNumberOfClearBitsInRange
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlGetSuiteMask
NtQueryLicenseValue
NtQueryInformationFile
RtlGetVersion
RtlImageNtHeader
NtDeviceIoControlFile
NtPowerInformation
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlComputeCrc32
NtSetSystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlNtStatusToDosError
NtClose
RtlQueryResourcePolicy

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
CreateEventW
WaitForSingleObject
AcquireSRWLockShared
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ResetEvent
DeleteCriticalSection
CreateMutexExW
CreateWaitableTimerExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockShared

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
CreateThread
CreateProcessW
GetThreadPriority
GetCurrentThreadId
OpenProcessToken
ResumeThread
GetCurrentThread
OpenThread
SetThreadPriority

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualFree
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
ImpersonateSelf
IsValidSid
EqualSid
ImpersonateLoggedOnUser
FreeSid
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-file-l1-1-0

FindNextVolumeW
FindFirstFileExW
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameW
FindFirstVolumeW
QueryDosDeviceW
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFileAttributesW
SetFilePointerEx
GetFileAttributesW
SetFilePointer
GetFileTime
CreateFileW
FindNextFileW
ReadFile
DeleteFileW
FindClose
CompareFileTime
GetFinalPathNameByHandleW
FindFirstFileW
GetFileSize
GetFileSizeEx
FlushFileBuffers
WriteFile
FindVolumeClose

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapCreate
HeapAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

rpcrt4

RpcBindingFromStringBindingW
RpcEpRegisterW
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringBindingComposeW
RpcServerUnregisterIfEx
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
NdrServerCallAll
RpcBindingToStringBindingW
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerInqBindings

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
CreateActCtxW

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister
PdcActivationClientActivityRequest

powrprof

PowerSettingRegisterNotificationEx
PowerClearUserAwayPrediction
PowerSetUserAwayPrediction

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AgGlLoad
AgPdLoad
AgTwLoad
CloseReadyBoostPerfData
CollectReadyBoostPerfData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
OpenReadyBoostPerfData
PfSvSysprepCleanup
PfSvUnattendCallback
PfSvWsSwapAssessmentTask
SysMtServiceMain

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Loki Rat/verifier.exe
.exe windows:10 windows x64 arch:x64

764666dda4c898a2706331fb42d3893d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Signer

Actual PE Digest

d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

verifier.pdb

Imports

msvcrt

memcmp
__wgetmainargs
_XcptFilter
_amsg_exit
__set_app_type
_wsetlocale
?terminate@@YAXXZ
_commode
_fmode
swprintf_s
wcscat_s
_wfullpath
wcschr
_wcsicmp
memcpy
wcsrchr
wcscpy_s
_ltow_s
_ultow_s
wcsstr
_vsnwprintf
memmove
__C_specific_handler
wcsnlen
exit
_initterm
_exit
memcpy_s
wcstok_s
malloc
free
wcsncat_s
bsearch
wcsncmp
_cexit
_wcsnicmp
__setusermatherr
memset

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetTickCount
GetSystemDirectoryW
GetVersionExW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
GetFileType
WriteFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

ntdll

RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlSetAllBits
RtlCopyUnicodeString
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
RtlUnicodeStringToInteger
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-security-lsalookup-ansi-l2-1-0

LookupPrivilegeValueA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegQueryValueExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Paradox RAT/.gitattributes
RATS PACK/Paradox RAT/LICENSE
RATS PACK/Paradox RAT/Paradox RAT 4.2.3 Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Paradox RAT/Settings.ini
RATS PACK/Paradox RAT/data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Paradox RAT/data/LICENCE.dat
.zip
RATS PACK/Paradox RAT/data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Paradox RAT/data/Settings.ini
RATS PACK/Paradox RAT/data/Updater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Jordan\Documents\Visual Studio 2010\Projects\Paradox Update Installer\Paradox Update Installer\obj\x86\Release\Paradox Update Installer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Paradox RAT/data/pr2.exe
.exe windows:4 windows x86 arch:x86

5f2df7257758bf2707e2911007001ebd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
CreateThread
LoadLibraryA
FindResourceA
GetModuleHandleA
LocalAlloc
LocalFree
GetCommandLineW
GlobalAlloc
GlobalFree
SetEvent
CreateProcessA
ExitProcess
GetTickCount

user32

GetClientRect
GetWindowRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ShowWindow
UpdateWindow
CreateWindowExA
LoadBitmapA
SendMessageA
DestroyWindow

Sections

.text
Size: 1.7MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dyamarC
Size: 375KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dyamarD
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Xtreme Rat v2.7/Language/default.ini
RATS PACK/Xtreme Rat v2.7/Profiles/Profile.ini
RATS PACK/Xtreme Rat v2.7/Settings/settings.ini
RATS PACK/Xtreme Rat v2.7/Xtreme Rat v2.7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Xtreme Rat v2.7/dbgcore/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Xtreme Rat v2.7/dbgcore/LICENCE.dat
.zip
RATS PACK/Xtreme Rat v2.7/dbgcore/Language/default.ini
RATS PACK/Xtreme Rat v2.7/dbgcore/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/Xtreme Rat v2.7/dbgcore/Profiles/Profile.ini
RATS PACK/Xtreme Rat v2.7/dbgcore/Settings/settings.ini
RATS PACK/Xtreme Rat v2.7/dbgcore/sound.wav
RATS PACK/Xtreme Rat v2.7/dbgcore/xrt.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 542KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RATS PACK/Xtreme Rat v2.7/sound.wav
RATS PACK/XtremeRat 3.5/Language/English.ini
RATS PACK/XtremeRat 3.5/Language/Español.ini
RATS PACK/XtremeRat 3.5/Language/Português.ini
RATS PACK/XtremeRat 3.5/RDXService.dll
.dll windows:10 windows x64 arch:x64

41fe2269dd6b4fc9e271773a5a81f94b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RDXService.pdb

Imports

msvcrt

memcmp
__crtLCMapStringA
__crtLCMapStringW
memmove
memcpy
sprintf_s
_wtof
wcstok_s
swprintf_s
_set_errno
_XcptFilter
_amsg_exit
??1bad_cast@@UEAA@XZ
_CxxThrowException
_initterm
_wcsdup
_itow_s
abort
islower
?what@exception@@UEBAPEBDXZ
_get_current_locale
calloc
isupper
__pctype_func
memset
__C_specific_handler
?terminate@@YAXXZ
_free_locale
_get_errno
_ismbblead
___lc_codepage_func
___lc_handle_func
wcsstr
_lock
_unlock
__dllonexit
___mb_cur_max_func
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
_errno
_onexit
memcpy_s
setlocale
toupper
wcschr
wcsrchr
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnicmp
??1type_info@@UEAA@XZ
ldiv
_wcsicmp
_vsnwprintf
??_V@YAXPEAX@Z
realloc
__CxxFrameHandler3
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
free
wcsncmp
sqrtf

propsys

PSCreateMemoryPropertyStore
PropVariantToBoolean
VariantToStringAlloc
VariantToInt32

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHDeleteValueW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Write
IStream_Size
SHCreateStreamOnFileEx

windows.storage

ShellExecuteExW
SHCreateItemFromParsingName
SHGetNameFromIDList
SHGetKnownFolderPath
ILClone
ord866

shcore

ord200

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoGetMalloc
CoTaskMemRealloc
CoTaskMemAlloc
CoReleaseServerProcess
CoRevokeClassObject
CoResumeClassObjects
CoSetProxyBlanket
CoAddRefServerProcess
CLSIDFromString
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoGetApartmentType
PropVariantClear
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoDisconnectObject
CoInitializeEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource
LockResource
FindResourceExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
CreateEventW
OpenEventW
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionEx
ResetEvent
DeleteCriticalSection
CreateMutexExW
ReleaseMutex
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
AcquireSRWLockShared
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegCopyTreeW
RegOpenCurrentUser
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessW
ResumeThread
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetLocaleInfoW
GetThreadUILanguage
FormatMessageW
GetGeoInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetTickCount

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-file-l1-1-0

CompareFileTime
DeleteFileW
FindClose
CreateDirectoryW
GetDriveTypeW
FindNextFileW
CreateFileW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSizeEx
SetFilePointerEx
FindFirstFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

InitializeAcl
AdjustTokenPrivileges
GetLengthSid
AddAce
DeleteAce
IsWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
EqualSid
GetAce
GetAclInformation
GetTokenInformation
DestroyPrivateObjectSecurity

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-appmodel-runtime-l1-1-0

PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromFullName
GetPackagesByPackageFamily

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

xmllite

CreateXmlWriter
CreateXmlReader

sspicli

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient8
ObjectStublessClient5
ObjectStublessClient3

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo

api-ms-win-shell-namespace-l1-1-0

SHParseDisplayName
ILFree

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord24
PathIsDirectoryEmptyW
StrFormatByteSizeEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpW
StrRChrW

ntdll

RtlGetDeviceFamilyInfoEnum
RtlGetVersion

api-ms-win-rtcore-ntuser-window-l1-1-0

SetWindowLongPtrW
RegisterClassExW
DefWindowProcW
GetWindowLongPtrW
GetMessageW
SetTimer
DestroyWindow
DispatchMessageW
TranslateMessage
PostQuitMessage
KillTimer
PeekMessageW
UnregisterClassW
CreateWindowExW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
PathRemoveBackslashW
PathFindExtensionW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

appxalluserstore

GetAllPackagesToBeInstalledForUser
DeleteAllPackagesFromMainPackageArray

dmenrollengine

EnrollEngineInitialize

wlanapi

WlanFreeMemory
WlanGetProfile
WlanCloseHandle
WlanOpenHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo
OpenRDXDocumentW
ServiceMain

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/XtremeRat 3.5/XtremeRAT 3.5 Private.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/XtremeRat 3.5/rdpcorets.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a18681cf7fc4526bce25b48ecb511ef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RdpCoreTS.pdb

Imports

msvcrt

fclose
_wcsnicmp
floorf
log
wcsncmp
swprintf_s
wprintf
vswprintf_s
wcscpy_s
_CxxThrowException
_vsnwprintf
isalpha
swscanf
_amsg_exit
_aligned_free
_wcsicmp
fwrite
fprintf
malloc
free
wcscat_s
wcsnlen
_callnewh
_purecall
printf
ceilf
_wfopen
_strnicmp
calloc
?terminate@@YAXXZ
memcmp
memcpy
_lock
_XcptFilter
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
??0exception@@QEAA@XZ
strncpy_s
strnlen
sprintf_s
qsort
??1type_info@@UEAA@XZ
_initterm
__CxxFrameHandler3
wcschr
wcsncpy_s
memcpy_s
wcsrchr
memmove_s
_stricmp
_unlock
__dllonexit
memmove
memset
_wtoi
__C_specific_handler
_onexit
sqrt
_wfopen_s
_errno
pow
sqrtf
vsprintf_s
realloc
_aligned_malloc
wcscmp

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
VariantCopy
VariantClear
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringByteLen

api-ms-win-core-synch-l1-1-0

CreateEventW
EnterCriticalSection
SetEvent
WaitForMultipleObjectsEx
ReleaseSemaphore
InitializeSRWLock
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
ResetEvent
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSRWLockShared

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

SuspendThread
GetExitCodeThread
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThreadId
ResumeThread
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitializeConditionVariable

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadResource
GetModuleHandleExW
GetModuleHandleExA
DisableThreadLibraryCalls
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
SizeofResource

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCreateKeyExW
RegEnumKeyExW
RegFlushKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW

api-ms-win-core-com-l1-1-0

CLSIDFromString
PropVariantClear
CoCreateGuid
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
IIDFromString
PropVariantCopy
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister
EventRegister
EventActivityIdControl

ws2_32

closesocket

iphlpapi

GetAdapterIndex

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

FindClose
GetFileAttributesW
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
WriteFile
SetFilePointerEx
ReadFileEx
DeleteFileW
WriteFileEx
GetTempFileNameW
GetFileInformationByHandle
CreateFileW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
WTSGetActiveConsoleSessionId
MoveFileW
BindIoCompletionCallback

ntdll

RtlNtStatusToDosError
RtlInitializeGenericTable
RtlEnumerateGenericTable
RtlDeleteElementGenericTable
WinSqmAddToStream
WinSqmSetDWORD
WinSqmEndSession
WinSqmStartSession
WinSqmIsOptedIn
RtlIpv4StringToAddressW
RtlInitUnicodeString
NtCreateFile
RtlLookupElementGenericTable
RtlInsertElementGenericTable
NtQuerySystemInformation
RtlIpv6StringToAddressW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueueTimer

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc
GlobalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW
BuildSecurityDescriptorW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
EqualSid
CreateWellKnownSid
FreeSid
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
AccessCheckAndAuditAlarmW
InitializeSecurityDescriptor
MakeSelfRelativeSD
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetCPInfo
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTime
GetTickCount64

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

crypt32

CryptProtectMemory
CryptUnprotectMemory

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-stringansi-l1-1-0

CharNextA
CharPrevA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhCloseQuery
PdhGetRawCounterValue

user32

UnionRect
LoadCursorW
DispatchMessageW
GetWindowThreadProcessId
GetMessageW
UnregisterDeviceNotification
IsClipboardFormatAvailable
UnregisterClassW
RegisterDeviceNotificationW
UnregisterClassA
CreateWindowExW
RegisterClassW
CopyRect
SetRect
GetClipboardFormatNameW
PostMessageW
SetWindowLongPtrW
RegisterClipboardFormatW
SendMessageW
GetWindowLongPtrW
DefWindowProcW
DestroyWindow

regapi

RegWinstationQuerySecurityConfig_Merged

rfxvmt

RfxVmtCloseChannel
RfxVmtWriteChannel
RfxVmtReadChannel
RfxVmtCreateChannel
RfxVmtGetDataAvailableEvent

rdpbase

RDPBASE_CreateInstance
?RdpPerfLoggerStaticTerminate@@YAXXZ
RDPServerStackDiagnostics_Unregister
?RdpPerfLoggerStaticInitialize@@YAXXZ
RDPServerStackDiagnostics_Register
RdpX_Threading_CreateCriticalSection
PAL_System_Sleep
RdpX_AtomicDecrement32
RdpX_AtomicIncrement32
PAL_System_AtomicCompareAndExchangePointer
RDPServerStackDiagnostics_LogDisconnect
RDPServerStackDiagnostics_LogFailure
RDPServerStackDiagnostics_LogCheckpoint
RDPWSStreamConnector_CreateInstance
PAL_System_CritSecInit
RDPENCORE_AddGlobalObject
PAL_System_SwitchToThread
RDPAPI_GetGlobalObject
PAL_System_AtomicCompareAndExchange
TSCreateCoreEvents
RDPENCHLPREG_ReadValueDWORD
PAL_System_CritSecLeave
PAL_System_CritSecEnter
PAL_System_AtomicIncrement
PAL_System_AtomicDecrement
PAL_System_CritSecTerminate
TSAlloc
TSFree
PAL_System_CritSecIsLockedByCurrentThread
TRC_TraceBufferW
MemCopyAligned_SSE
MemMoveReverseAligned_SSE
GetSupportedSSELevel_SSE
PAL_System_GetNumberOfProcessors
?NSRunLengthDecode@@YAKPEBEKPEAEK@Z
PAL_System_MemFree
RdpX_GetActivityIdPrefix
RgnlibBA_CreateInstance
RDPAPI_GetGenericCounter
CRDPCaps_CreateInstance
PAL_System_CritSecTryEnter
RDPAPI_GetLongCounter
PAL_System_ThreadGetId
PAL_System_MemAlloc

rdpserverbase

?GetGfxPipeSettingBOOL@@YAJPEAGHPEAH@Z
?LogRDPGraphicsFirstNonBlackFramePostLogon@RDPGraphicsTraceLogging@@YAXI@Z
RDPSERVERBASE_CreateInstance
?LogRDPGraphicsFirstNonBlackFrame@RDPGraphicsTraceLogging@@YAX_K@Z
?LogRDPGraphicsError@RDPGraphicsTraceLogging@@YAXU_GUID@@IIJ@Z
?LogRDPGraphicsSubsampleFailure@RDPGraphicsTraceLogging@@YAXJI@Z
?GetGraphicsSourceContext@RdpSurface@@QEAAJPEAPEAUIRdpGFXSourceUpdateContext@@@Z
RDPEncryptionTraceLogging_Register
?RDPGraphicsTraceLogging_Unregister@RDPGraphicsTraceLogging@@YAXXZ
RDPEncryptionTraceLogging_Unregister
?LogRDPGraphicsVOBRHint@RDPGraphicsTraceLogging@@YAXI_KII@Z
?LogRDPGraphicsSubsampleAdapter@RDPGraphicsTraceLogging@@YAXPEBGII@Z
?GetEncodingPixelMap@RdpSurface@@QEAAJPEAPEAVPixelMap@@@Z
?RDPGraphicsTraceLogging_Register@RDPGraphicsTraceLogging@@YAJXZ
?GetGfxPipeSettingUINT@@YAJPEAGIPEAI@Z

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetEntriesInAclW

rpcrt4

RpcBindingSetOption
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingSetAuthInfoExW
UuidCreate
I_RpcExceptionFilter
UuidToStringW
NdrClientCall3

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnquoteSpacesW
PathGetDriveNumberW
PathQuoteSpacesW
PathSkipRootW
PathIsUNCW
PathFindExtensionW

api-ms-win-core-url-l1-1-0

UrlIsW

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-perfcounters-l1-1-0

PerfDeleteInstance
PerfIncrementULongCounterValue
PerfSetCounterSetInfo
PerfCreateInstance
PerfStartProviderEx
PerfStopProvider
PerfSetULongCounterValue

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW

api-ms-win-core-comm-l1-1-0

SetCommTimeouts

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

gdi32

GetObjectW
DeleteObject
CreatePalette
GetMetaFileBitsEx
GetStockObject
GetPaletteEntries
SetMetaFileBitsEx
CreateMetaFileW
PlayMetaFile
CloseMetaFile
DeleteMetaFile

d3d11

D3D11CreateDevice

tlscsp

ord1
ord3
ord4
ord7
ord2

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalLock

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RFX_CreateGFXService
RFX_CreatePluginFactory

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/XtremeRat 3.5/sysmain/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/XtremeRat 3.5/sysmain/LICENCE.dat
.zip
RATS PACK/XtremeRat 3.5/sysmain/Language/English.ini
RATS PACK/XtremeRat 3.5/sysmain/Language/Español.ini
RATS PACK/XtremeRat 3.5/sysmain/Language/Português.ini
RATS PACK/XtremeRat 3.5/sysmain/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/XtremeRat 3.5/sysmain/xrt3.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RATS PACK/jRat/Client.jar
.jar
RATS PACK/jRat/Decrypter.jar
.jar
RATS PACK/jRat/Downloader.jar
.jar
RATS PACK/jRat/Server.jar
.jar
RATS PACK/jRat/id.dat
RATS PACK/jRat/jRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/jRat/keylogwords.dat
RATS PACK/jRat/settings.dat
RATS PACK/jRat/sockets.dat
RATS PACK/jRat/stats.dat
RATS PACK/jRat/vertdll/Client.jar
.jar
RATS PACK/jRat/vertdll/Decrypter.jar
.jar
RATS PACK/jRat/vertdll/Downloader.jar
.jar
RATS PACK/jRat/vertdll/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/jRat/vertdll/LICENCE.dat
.zip
RATS PACK/jRat/vertdll/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RATS PACK/jRat/vertdll/Server.jar
.jar
RATS PACK/jRat/vertdll/id.dat
RATS PACK/jRat/vertdll/ip-to-country.bin
RATS PACK/jRat/vertdll/jr.bat
RATS PACK/jRat/vertdll/keylogwords.dat
RATS PACK/jRat/vertdll/settings.dat
RATS PACK/jRat/vertdll/sockets.dat
RATS PACK/jRat/vertdll/stats.dat

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 186KB - Virtual size: 186KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 377KB - Virtual size: 380KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

56accb93af10812d19391799de9a7230

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dcSigner

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 924KB - Virtual size: 922KB

.rdata Size: 204KB - Virtual size: 201KB

.data Size: 56KB - Virtual size: 70KB

.rsrc Size: 332KB - Virtual size: 331KB

.reloc Size: 96KB - Virtual size: 95KB

b97546b32de3f20f9d20a53cbd559da6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 186KB - Virtual size: 186KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 377KB - Virtual size: 380KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

b0:51:1d:1c:93:19:fb:72:0a:df:db:f8:6b:1a:7d:95:23:9d:c2:dc
Signer

.text
Size: 924KB - Virtual size: 922KB

.rdata
Size: 204KB - Virtual size: 201KB

.data
Size: 56KB - Virtual size: 70KB

.rsrc
Size: 332KB - Virtual size: 331KB

.reloc
Size: 96KB - Virtual size: 95KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

33:73:3f:7c:30:f0:0e:0c:7d:7c:8a:ff:b5:20:eb:6f:8c:73:71:64
Signer

.text
Size: 332KB - Virtual size: 330KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 36KB - Virtual size: 32KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 688KB - Virtual size: 687KB

.data
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 257KB - Virtual size: 260KB

.idata
Size: 512B - Virtual size: 4KB