7fb0ece8c8a3981f4160add93d4fcb25ad16a7fc3fef815d3593b761f83686c3

Sharing

Copy URL

Twitter E-mail

General

Target

7fb0ece8c8a3981f4160add93d4fcb25ad16a7fc3fef815d3593b761f83686c3
Size

5.3MB
MD5

66de05284cbbc3c0513cf1c9c67e83c0
SHA1

a158abfe155f91f7c9e351c24f4c6db1a0f6f816
SHA256

7fb0ece8c8a3981f4160add93d4fcb25ad16a7fc3fef815d3593b761f83686c3
SHA512

4006aef3f3e0deafda74571fa3acd8e31df7e047191109898fcc5ab095ea2e3d6bb70dd9e8409d0869a5d96134df5ba089eb138b6c76b15ba9a7f432f593de88
SSDEEP

98304:jgpAhnqW6H3ORNfQtdUdVkzueayWPBptfWwF2fHgi0IvPLdEb:jWAhnqWvRNmzgy2xr2oPInLdEb

Score

3^/10

Malware Config

Signatures

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Epoch1/Modules/2643_bb117eac360764657f92689a25a899aa_dll.bin
unpack002/Epoch1/Modules/2645_f74684b64ff72f578d137a681cf2e605_dll.bin
unpack002/Epoch1/Modules/2646_99ef5f15adb04b4af258a285f50e6150_dll.bin
unpack002/Epoch1/Modules/2647_76e57195d785ba4c45d99f945d91be8c_dll.bin
unpack002/Epoch1/Modules/2648_8cf470e268d7857d77eb1ed7e4586f8b_dll.bin
unpack002/Epoch1/Modules/2651_62e940eebd86c4b6a6ebd59b4ae4d5dc_dll.bin
unpack002/Epoch1/Modules/2652_d90ec9ba09010d251b856562a9788e7e_dll.bin
unpack002/Epoch1/Updates/2641_12e01fbfd84588a4d004cb5bd0d92a34_exe.bin
unpack002/Epoch1/Updates/2642_d93254c235dede95c59d3ba5276f85ef_exe.bin
unpack002/Epoch2/Modules/1934_7a6669f882f20114524eb040f6c0de89_dll.bin
unpack002/Epoch2/Modules/1935_157e9fe73a6967c04a4a8904556ae16a_dll.bin
unpack002/Epoch2/Modules/1936_bb35ab07d7ccab487143e0395a031d8d_dll.bin
unpack002/Epoch2/Modules/1937_f4fa5089f3db0386c4c9e49537619065_dll.bin
unpack002/Epoch2/Modules/1938_cbe19eb8555234197aff75cb9241402e_dll.bin
unpack002/Epoch2/Modules/1939_378888674bda7307cf043fde5cbc585c_dll.bin
unpack002/Epoch2/Modules/1959_ce59eb88232429ce795c1a638838caa1_dll.bin
unpack002/Epoch2/Updates/1955_4ecb45f75ff05d586aa7847140e82c11_exe.bin
unpack002/Epoch3/Modules/1756_eba36259725f65d48b53be571a8c4c5f_dll.bin
unpack002/Epoch3/Modules/1757_ae1522f062eefa2fcaad60082feab4bb_dll.bin
unpack002/Epoch3/Modules/1758_cc90df00701cefecee3a82a345c52802_dll.bin
unpack002/Epoch3/Modules/1759_831f2a06a22c3ff8dbeb26638ed3818f_dll.bin
unpack002/Epoch3/Modules/1760_710aa5669e167cd83ad6a0f78b749d16_dll.bin
unpack002/Epoch3/Modules/1767_73ac89ce534d75a789173e3bd1d5c226_dll.bin
unpack002/Epoch3/Modules/1768_01e18ca5e12c6f2586110b624e867710_dll.bin
unpack002/Epoch3/Updates/1807_939a7892090d79a67b694f009de8a7f2_exe.bin

Files

7fb0ece8c8a3981f4160add93d4fcb25ad16a7fc3fef815d3593b761f83686c3
.gz
sample
.tar
Epoch1/Modules/2643_bb117eac360764657f92689a25a899aa_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2645_f74684b64ff72f578d137a681cf2e605_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2646_99ef5f15adb04b4af258a285f50e6150_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2647_76e57195d785ba4c45d99f945d91be8c_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2648_8cf470e268d7857d77eb1ed7e4586f8b_dll.bin
.dll windows:6 windows x86 arch:x86

d4ed304ff68a00a58b0805ce78d7cdf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreW
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
TryEnterCriticalSection
SetEvent
GetTickCount
ResetEvent
CreateEventW
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryW
LocalFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetProcAddress
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetQueuedCompletionStatus
GetLastError
CloseHandle
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
LCMapStringW
CompareStringW
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateFileW
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
UnmapViewOfFile
GetProcessHeap
RaiseException
SetFilePointerEx
GetFileType
SetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
ExitThread
ResumeThread
GetCurrentProcessId
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
EncodePointer
DecodePointer
SetConsoleCtrlHandler
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetStartupInfoW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW

ws2_32

listen
getnameinfo
inet_addr
sendto
select
connect
htonl
getaddrinfo
getsockname
freeaddrinfo
getsockopt
WSAGetLastError
accept
WSAIoctl
socket
recv
send
getpeername
setsockopt
bind
WSAGetOverlappedResult
closesocket
WSASetLastError
ioctlsocket
WSARecv
WSASend

iphlpapi

GetIpAddrTable
GetBestRoute

ntdll

RtlUnwind

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2651_62e940eebd86c4b6a6ebd59b4ae4d5dc_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Modules/2652_d90ec9ba09010d251b856562a9788e7e_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Payloads/2677_a1062771a7f280484e07d900a53406ac_exe.bin
.exe windows:4 windows x86 arch:x86

cb08a7d426e4c994ca11ebd8bf151f0f

Code Sign

67:6a:9a:92:61:41:80:9d:49:17:11:e2:bd:5e:22:ca
Certificate

Issuer

CN=DRNKOSFWCRHZBDZREG

Not Before

29-07-2020 18:22

Not After

31-12-2039 23:59

Subject

CN=DRNKOSFWCRHZBDZREG

Extended Key Usages

ExtKeyUsageCodeSigning

7e:8d:d1:d4:69:da:4d:92:29:d7:2f:3d:0a:b1:4a:36:75:78:d9:76
Signer

Actual PE Digest

7e:8d:d1:d4:69:da:4d:92:29:d7:2f:3d:0a:b1:4a:36:75:78:d9:76

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WaitForSingleObject
VirtualProtect
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetEvent
SetErrorMode
ResumeThread
ResetEvent
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetUserDefaultLCID
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetProfileStringA
GetPrivateProfileStringA
GetLocalTime
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentProcessId
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FormatMessageA
FindResourceA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
DeviceIoControl
DeleteFileA
CreateMutexA
CreateEventA
CompareStringA
GenerateConsoleCtrlEvent
LocalHandle
SetFileAttributesA
IsBadStringPtrA
GetCurrentProcess
CreateMailslotW
InterlockedExchangeAdd
EnumLanguageGroupLocalesW
ReadConsoleInputA
FormatMessageW
ChangeTimerQueueTimer
SetSystemPowerState
GetDiskFreeSpaceW
GetProfileSectionW
SetProcessAffinityMask
GetPrivateProfileSectionW
Module32FirstW
SetConsoleOutputCP
CommConfigDialogW
GetHandleInformation
WriteConsoleOutputAttribute
FreeConsole
SetEnvironmentVariableA
ProcessIdToSessionId
GetModuleFileNameW
GetOEMCP
ExpandEnvironmentStringsW
GetFileAttributesW
HeapCompact
SetLocaleInfoW
ReadFileEx
GetSystemPowerStatus
SetHandleCount
QueryInformationJobObject
SetMessageWaitingIndicator
_hread
GetConsoleTitleW
VirtualAllocEx
GetModuleHandleW

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxExA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvertRect
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextA
DrawStateA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
OpenInputDesktop
CharPrevExA
IsDialogMessage
GetComboBoxInfo
LoadMenuIndirectA
RegisterClassW
SetKeyboardState
GetAltTabInfo
WindowFromDC
LoadCursorFromFileA

gdi32

UnrealizeObject
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetTextExtentExPointA
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt
GdiReleaseLocalDC
CreatePatternBrush
InvertRgn
GetTextExtentExPointW
GetObjectW
GdiStartDocEMF
GdiConvertBrush
EngAlphaBlend
GetBoundsRect
PlgBlt
SetWorldTransform
GetCharWidthW
EngAssociateSurface
SetRectRgn
SetBoundsRect
bInitSystemAndFontsDirectoriesW
ResetDCW
GetStretchBltMode
PtVisible
BRUSHOBJ_hGetColorTransform
Arc
ScaleViewportExtEx
RemoveFontResourceTracking
DeleteColorSpace
GdiGetPageCount
GetEnhMetaFileA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyW

shell32

ShellExecuteExA
ShellExecuteA
ShellAboutA
SHGetFileInfoA
SHFileOperationA
ExtractIconA
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetDataFromIDListA
SHChangeNotify
SHBrowseForFolderA
SHGetIconOverlayIndexA
DuplicateIcon
ShellExecuteExW
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHCreateProcessAsUserW
DragQueryPoint
SHGetFolderLocation
SHPathPrepareForWriteA
DragQueryFile
ShellHookProc
ExtractIconExW
SHBindToParent
SHBrowseForFolderW
DoEnvironmentSubstA

ole32

IsEqualGUID
CreateStreamOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize

shlwapi

StrStrIA
StrRChrA
StrRStrIW

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord17

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata4
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch1/Payloads/2678_bb6b16d34e8e7b8f42e920d9e3964a75_exe.bin
.exe windows:4 windows x86 arch:x86

0dd2844b6ae88c65e99075801c22473a

Code Sign

56:b9:b7:ac:b3:e0:6b:a7:42:c1:9d:ee:be:c5:86:39
Certificate

Issuer

CN=NAQOGKCAJPBHHBHGUY

Not Before

28-07-2020 20:22

Not After

31-12-2039 23:59

Subject

CN=NAQOGKCAJPBHHBHGUY

Extended Key Usages

ExtKeyUsageCodeSigning

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2
Signer

Actual PE Digest

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
HeapCreate
IsBadCodePtr
IsBadWritePtr
GetTempPathW
SetFileTime
GetExitCodeProcess
GetCurrentThreadId
CompareFileTime
GetFileTime
FindClose
GetTickCount
EnumSystemCodePagesW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
lstrcmpA
GetProcessHeap
GetVersionExA
GetACP
GetOEMCP
GetUserDefaultLangID
GetLocaleInfoA
GetStartupInfoA
CreateEventA
GetLastError
WaitForSingleObject
FreeLibrary
MulDiv
SetEvent
CloseHandle
GlobalLock
GlobalUnlock
Sleep
ExitProcess
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
CreateProcessA
CreateProcessW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SearchPathA
SearchPathW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleW
LoadLibraryA
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
FindFirstFileA
FindFirstFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
CreateFileA
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
FindNextFileA
FindNextFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetModuleHandleA
GetProcAddress
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree
HeapDestroy
GlobalAlloc
SetTimeZoneInformation
InterlockedIncrement
LocalFlags
GetProfileSectionA
SetConsoleOutputCP
AllocConsole
CreateRemoteThread
GetLongPathNameW
IsBadHugeReadPtr
SetConsoleActiveScreenBuffer
GetDefaultCommConfigA
LCMapStringW
Process32First
CreateDirectoryExA
VirtualQuery
ClearCommError
DisconnectNamedPipe
GetProfileStringW
WriteConsoleOutputAttribute
GlobalAddAtomA
GetEnvironmentVariableW
GetConsoleAliasExesW
SetUnhandledExceptionFilter
TlsFree
ConvertThreadToFiber
FindFirstChangeNotificationW
CreateDirectoryW
FindNextVolumeA
CreateThread
RtlFillMemory
HeapCompact
SetComputerNameW
DosDateTimeToFileTime
LocalAlloc
EnumCalendarInfoW
WritePrivateProfileStructW
VirtualAllocEx

user32

CreatePopupMenu
GetKeyState
DefFrameProcW
PostQuitMessage
ModifyMenuW
DestroyIcon
DestroyCursor
SetTimer
GetWindow
DefFrameProcA
CheckMenuItem
GetQueueStatus
GetKeyboardState
CheckMenuRadioItem
GetSystemMetrics
DrawMenuBar
DeleteMenu
GetSubMenu
LoadCursorA
GetKeyboardLayout
IsWindowVisible
GetClassNameW
GetClassNameA
SetWindowPos
SetScrollInfo
GetScrollInfo
ReleaseCapture
CallNextHookEx
MapVirtualKeyW
MapVirtualKeyA
UnhookWindowsHookEx
GetDlgItem
EndDialog
IsChild
RedrawWindow
MoveWindow
SetCapture
ActivateKeyboardLayout
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoA
LoadMenuA
LoadMenuW
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
DialogBoxParamA
EnumThreadWindows
WaitForInputIdle
BringWindowToTop
EnableWindow
CloseClipboard
GetClipboardData
OpenClipboard
MessageBeep
SetCursorPos
DrawTextW
DrawTextA
GetKeyboardLayoutList
EnumWindows
SetActiveWindow
GetActiveWindow
EndPaint
DrawFrameControl
BeginPaint
GetCapture
FrameRect
SetDlgItemInt
GetDlgItemInt
SetWindowsHookExA
CharUpperA
RegisterClipboardFormatA
HideCaret
SetMenuDefaultItem
IsClipboardFormatAvailable
SetCaretPos
SetClipboardData
EmptyClipboard
UnregisterClassA
UnregisterClassW
CreateCaret
DestroyCaret
ScrollWindow
ShowScrollBar
GetDoubleClickTime
GetMessageTime
GetUpdateRect
IntersectRect
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
FindWindowExA
FindWindowExW
CreateMDIWindowA
CreateMDIWindowW
CreateWindowExA
CreateWindowExW
RegisterClassA
RegisterClassW
ScreenToClient
TrackPopupMenu
GetSystemMenu
KillTimer
SetCursor
GetMenuStringA
GetMenuStringW
LoadStringA
LoadStringW
SendMessageW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorA
TranslateAcceleratorW
DispatchMessageA
DispatchMessageW
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
SetWindowLongA
SetWindowLongW
GetWindowLongA
GetWindowLongW
SetClassLongA
SetClassLongW
GetClassLongA
GetClassLongW
GetKeyNameTextA
GetKeyNameTextW
DefWindowProcA
DefWindowProcW
InvalidateRect
UpdateWindow
ValidateRect
GetDC
GetClientRect
GetSysColorBrush
FillRect
DrawEdge
GetFocus
DrawFocusRect
DestroyMenu
DefMDIChildProcA
DefMDIChildProcW
SetFocus
ClientToScreen
EnableMenuItem
ShowWindow
TranslateMessage
ShowCaret
ModifyMenuA
IsWindowEnabled
GetSysColor
DrawStateA
ReleaseDC
IsWindowUnicode
CallWindowProcA
CallWindowProcW
GetDlgCtrlID
GetParent
PostMessageA
GetCursorPos
PtInRect
GetWindowRect
DestroyWindow
SendMessageA
MessageBoxW
DestroyAcceleratorTable
LoadCursorFromFileA

gdi32

GdiEntry9
PolyTextOutW
EngQueryLocalTime
GdiAlphaBlend
GdiQueryTable
BRUSHOBJ_hGetColorTransform
GdiGetSpoolMessage
GetSystemPaletteEntries
SetBrushOrgEx
EngCopyBits
CreateICA
EnumEnhMetaFile
HT_Get8BPPMaskPalette
CreateDIBPatternBrush
UnrealizeObject
EngGradientFill
GetTextMetricsA
EngAlphaBlend
GetTextExtentExPointW
STROBJ_bEnumPositionsOnly
GetAspectRatioFilterEx
GdiDllInitialize
CreateSolidBrush
CLIPOBJ_ppoGetPath
SetEnhMetaFileBits
SetAbortProc
GetPixel
bInitSystemAndFontsDirectoriesW
SaveDC
GetKerningPairsW
XLATEOBJ_hGetColorTransform
EnumFontFamiliesA
ExtSelectClipRgn
SetDeviceGammaRamp
MoveToEx
QueryFontAssocStatus
SelectPalette
CreateDCA
GdiEntry5
GdiGetCodePage
AddFontResourceTracking
CreateFontIndirectExW
ColorCorrectPalette
GdiEntry2
GetStockObject
GetEnhMetaFileA

comdlg32

PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
ChooseColorW
PrintDlgW
PrintDlgA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegEnumValueW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW

shell32

ShellExecuteExW
SHChangeNotify
SHGetMalloc
DragAcceptFiles
ShellExecuteA
ShellExecuteW
DragQueryFileA
DragQueryFileW
DragFinish
SHBindToParent
ExtractAssociatedIconExA
SHGetIconOverlayIndexW
DragQueryPoint
CheckEscapesW
ExtractIconW
DoEnvironmentSubstW
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFolderPathA
DragQueryFileAorW
SHInvokePrinterCommandA
SHGetDataFromIDListA

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
DoDragDrop

imm32

ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmEscapeW
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata4
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch1/Updates/2641_12e01fbfd84588a4d004cb5bd0d92a34_exe.bin
.exe windows:4 windows x86 arch:x86

92611b2610edfbf2072755f0e925c7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord567
ord823
ord2135
ord825
ord818
ord1949
ord433
ord4034
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord2124
ord4427
ord807
ord796
ord674
ord6491
ord554
ord529
ord366
ord620
ord5871
ord6000
ord2117
ord6565
ord6619
ord4163
ord6625
ord4457
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4160
ord6215
ord617
ord5301
ord5214
ord296
ord5241
ord520
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1841
ord4241
ord4589
ord4533
ord5076
ord4340
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord860
ord364
ord784
ord2339
ord2370
ord2362
ord2302
ord5260
ord537
ord5677
ord3495
ord4720
ord2535
ord6334
ord4508
ord4347
ord801
ord6143
ord541
ord6883
ord539
ord3525
ord5575
ord839
ord850
ord858
ord3499
ord2515
ord355
ord1572
ord434
ord2864
ord6283
ord6282
ord1576
ord4407
ord1776
ord4078
ord6055
ord540
ord535
ord800
ord986
ord4033
ord1168

msvcrt

wcslen
atoi
__dllonexit
_setmbcp
_onexit
_exit
_XcptFilter
exit
_acmdln
_initterm
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryExA
LoadLibraryExW
lstrcmpiA
GetModuleHandleA
GetStartupInfoA
SizeofResource

user32

GetForegroundWindow
GetWindowTextA
GetParent
IsWindow
LoadCursorA
SetCursor
GetSystemMetrics
SendMessageA
UpdateWindow
GetSystemMenu
EnableWindow
IsIconic

oleaut32

VariantClear

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Winit@std@@QAE@XZ

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch1/Updates/2642_d93254c235dede95c59d3ba5276f85ef_exe.bin
.exe windows:4 windows x86 arch:x86

a3cf94576982861bbb8d87972dfc65fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
StrRetToStrA
PathIsUNCA

kernel32

GetFullPathNameA
GetShortPathNameA
CreateFileA
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
Sleep
FatalAppExitA
VirtualFree
GetVolumeInformationA
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetCurrentDirectoryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
GetThreadLocale
GetAtomNameA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
lstrcmpW
GetModuleHandleA
GetVersionExA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
InterlockedExchange
LoadLibraryExW
LoadLibraryExA
GetProcAddress
GetCurrentProcess
GetTickCount
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapDestroy

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassA
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
SetParent
UnionRect
PostThreadMessageA
SetTimer
KillTimer
GetDCEx
LockWindowUpdate
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
PostQuitMessage
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
SendMessageA
GetParent
EnableWindow
DrawIcon
AppendMenuA
GetSystemMenu
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
CharLowerA
CharLowerW
CharUpperA
CharUpperW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
SetWindowPlacement
PtInRect
SetScrollInfo
GetScrollInfo
CopyRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetSysColor
GetDlgItemInt

gdi32

CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBPatternBrushPt
CombineRgn
GetMapMode
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
CopyMetaFileA
SetRectRgn
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCA
SetWindowOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RegCreateKeyA

shell32

DragQueryFileA
DragFinish
ExtractIconA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA

oledlg

ord8

ole32

CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CoRevokeClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleIsCurrentClipboard
OleSetClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CLSIDFromProgID

oleaut32

SafeArrayCopy
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
VarDateFromStr
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
LoadTypeLi

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch2/Modules/1934_7a6669f882f20114524eb040f6c0de89_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1935_157e9fe73a6967c04a4a8904556ae16a_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1936_bb35ab07d7ccab487143e0395a031d8d_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1937_f4fa5089f3db0386c4c9e49537619065_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1938_cbe19eb8555234197aff75cb9241402e_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1939_378888674bda7307cf043fde5cbc585c_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Modules/1959_ce59eb88232429ce795c1a638838caa1_dll.bin
.dll windows:6 windows x86 arch:x86

d4ed304ff68a00a58b0805ce78d7cdf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreW
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
TryEnterCriticalSection
SetEvent
GetTickCount
ResetEvent
CreateEventW
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryW
LocalFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetProcAddress
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetQueuedCompletionStatus
GetLastError
CloseHandle
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
LCMapStringW
CompareStringW
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateFileW
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
UnmapViewOfFile
GetProcessHeap
RaiseException
SetFilePointerEx
GetFileType
SetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
ExitThread
ResumeThread
GetCurrentProcessId
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
EncodePointer
DecodePointer
SetConsoleCtrlHandler
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetStartupInfoW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW

ws2_32

listen
getnameinfo
inet_addr
sendto
select
connect
htonl
getaddrinfo
getsockname
freeaddrinfo
getsockopt
WSAGetLastError
accept
WSAIoctl
socket
recv
send
getpeername
setsockopt
bind
WSAGetOverlappedResult
closesocket
WSASetLastError
ioctlsocket
WSARecv
WSASend

iphlpapi

GetIpAddrTable
GetBestRoute

ntdll

RtlUnwind

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch2/Payloads/2000_15588e558eb227ee9997ac303dbcf107_exe.bin
.exe windows:4 windows x86 arch:x86

cb08a7d426e4c994ca11ebd8bf151f0f

Code Sign

67:6a:9a:92:61:41:80:9d:49:17:11:e2:bd:5e:22:ca
Certificate

Issuer

CN=DRNKOSFWCRHZBDZREG

Not Before

29-07-2020 18:22

Not After

31-12-2039 23:59

Subject

CN=DRNKOSFWCRHZBDZREG

Extended Key Usages

ExtKeyUsageCodeSigning

e0:45:f1:d3:47:e1:67:17:ad:2e:5a:54:77:f4:7d:d6:1c:52:73:5e
Signer

Actual PE Digest

e0:45:f1:d3:47:e1:67:17:ad:2e:5a:54:77:f4:7d:d6:1c:52:73:5e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WaitForSingleObject
VirtualProtect
SleepEx
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetEvent
SetErrorMode
ResumeThread
ResetEvent
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetUserDefaultLCID
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetProfileStringA
GetPrivateProfileStringA
GetLocalTime
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentProcessId
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FormatMessageA
FindResourceA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
DeviceIoControl
DeleteFileA
CreateMutexA
CreateEventA
CompareStringA
GenerateConsoleCtrlEvent
LocalHandle
SetFileAttributesA
IsBadStringPtrA
GetCurrentProcess
CreateMailslotW
InterlockedExchangeAdd
EnumLanguageGroupLocalesW
ReadConsoleInputA
FormatMessageW
ChangeTimerQueueTimer
SetSystemPowerState
GetDiskFreeSpaceW
GetProfileSectionW
SetProcessAffinityMask
GetPrivateProfileSectionW
Module32FirstW
SetConsoleOutputCP
CommConfigDialogW
GetHandleInformation
WriteConsoleOutputAttribute
FreeConsole
SetEnvironmentVariableA
ProcessIdToSessionId
GetModuleFileNameW
GetOEMCP
ExpandEnvironmentStringsW
GetFileAttributesW
HeapCompact
SetLocaleInfoW
ReadFileEx
GetSystemPowerStatus
SetHandleCount
QueryInformationJobObject
SetMessageWaitingIndicator
_hread
GetConsoleTitleW
VirtualAllocEx
GetModuleHandleW

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxExA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvertRect
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextA
DrawStateA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
OpenInputDesktop
CharPrevExA
IsDialogMessage
GetComboBoxInfo
LoadMenuIndirectA
RegisterClassW
SetKeyboardState
GetAltTabInfo
WindowFromDC
LoadCursorFromFileA

gdi32

UnrealizeObject
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetTextExtentExPointA
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt
GdiReleaseLocalDC
CreatePatternBrush
InvertRgn
GetTextExtentExPointW
GetObjectW
GdiStartDocEMF
GdiConvertBrush
EngAlphaBlend
GetBoundsRect
PlgBlt
SetWorldTransform
GetCharWidthW
EngAssociateSurface
SetRectRgn
SetBoundsRect
bInitSystemAndFontsDirectoriesW
ResetDCW
GetStretchBltMode
PtVisible
BRUSHOBJ_hGetColorTransform
Arc
ScaleViewportExtEx
RemoveFontResourceTracking
DeleteColorSpace
GdiGetPageCount
GetEnhMetaFileA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyW

shell32

ShellExecuteExA
ShellExecuteA
ShellAboutA
SHGetFileInfoA
SHFileOperationA
ExtractIconA
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetDataFromIDListA
SHChangeNotify
SHBrowseForFolderA
SHGetIconOverlayIndexA
DuplicateIcon
ShellExecuteExW
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHCreateProcessAsUserW
DragQueryPoint
SHGetFolderLocation
SHPathPrepareForWriteA
DragQueryFile
ShellHookProc
ExtractIconExW
SHBindToParent
SHBrowseForFolderW
DoEnvironmentSubstA

ole32

IsEqualGUID
CreateStreamOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize

shlwapi

StrStrIA
StrRChrA
StrRStrIW

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord17

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata4
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch2/Payloads/2001_bb6b16d34e8e7b8f42e920d9e3964a75_exe.bin
.exe windows:4 windows x86 arch:x86

0dd2844b6ae88c65e99075801c22473a

Code Sign

56:b9:b7:ac:b3:e0:6b:a7:42:c1:9d:ee:be:c5:86:39
Certificate

Issuer

CN=NAQOGKCAJPBHHBHGUY

Not Before

28-07-2020 20:22

Not After

31-12-2039 23:59

Subject

CN=NAQOGKCAJPBHHBHGUY

Extended Key Usages

ExtKeyUsageCodeSigning

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2
Signer

Actual PE Digest

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
HeapCreate
IsBadCodePtr
IsBadWritePtr
GetTempPathW
SetFileTime
GetExitCodeProcess
GetCurrentThreadId
CompareFileTime
GetFileTime
FindClose
GetTickCount
EnumSystemCodePagesW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
lstrcmpA
GetProcessHeap
GetVersionExA
GetACP
GetOEMCP
GetUserDefaultLangID
GetLocaleInfoA
GetStartupInfoA
CreateEventA
GetLastError
WaitForSingleObject
FreeLibrary
MulDiv
SetEvent
CloseHandle
GlobalLock
GlobalUnlock
Sleep
ExitProcess
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
CreateProcessA
CreateProcessW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SearchPathA
SearchPathW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleW
LoadLibraryA
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
FindFirstFileA
FindFirstFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
CreateFileA
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
FindNextFileA
FindNextFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetModuleHandleA
GetProcAddress
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree
HeapDestroy
GlobalAlloc
SetTimeZoneInformation
InterlockedIncrement
LocalFlags
GetProfileSectionA
SetConsoleOutputCP
AllocConsole
CreateRemoteThread
GetLongPathNameW
IsBadHugeReadPtr
SetConsoleActiveScreenBuffer
GetDefaultCommConfigA
LCMapStringW
Process32First
CreateDirectoryExA
VirtualQuery
ClearCommError
DisconnectNamedPipe
GetProfileStringW
WriteConsoleOutputAttribute
GlobalAddAtomA
GetEnvironmentVariableW
GetConsoleAliasExesW
SetUnhandledExceptionFilter
TlsFree
ConvertThreadToFiber
FindFirstChangeNotificationW
CreateDirectoryW
FindNextVolumeA
CreateThread
RtlFillMemory
HeapCompact
SetComputerNameW
DosDateTimeToFileTime
LocalAlloc
EnumCalendarInfoW
WritePrivateProfileStructW
VirtualAllocEx

user32

CreatePopupMenu
GetKeyState
DefFrameProcW
PostQuitMessage
ModifyMenuW
DestroyIcon
DestroyCursor
SetTimer
GetWindow
DefFrameProcA
CheckMenuItem
GetQueueStatus
GetKeyboardState
CheckMenuRadioItem
GetSystemMetrics
DrawMenuBar
DeleteMenu
GetSubMenu
LoadCursorA
GetKeyboardLayout
IsWindowVisible
GetClassNameW
GetClassNameA
SetWindowPos
SetScrollInfo
GetScrollInfo
ReleaseCapture
CallNextHookEx
MapVirtualKeyW
MapVirtualKeyA
UnhookWindowsHookEx
GetDlgItem
EndDialog
IsChild
RedrawWindow
MoveWindow
SetCapture
ActivateKeyboardLayout
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoA
LoadMenuA
LoadMenuW
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
DialogBoxParamA
EnumThreadWindows
WaitForInputIdle
BringWindowToTop
EnableWindow
CloseClipboard
GetClipboardData
OpenClipboard
MessageBeep
SetCursorPos
DrawTextW
DrawTextA
GetKeyboardLayoutList
EnumWindows
SetActiveWindow
GetActiveWindow
EndPaint
DrawFrameControl
BeginPaint
GetCapture
FrameRect
SetDlgItemInt
GetDlgItemInt
SetWindowsHookExA
CharUpperA
RegisterClipboardFormatA
HideCaret
SetMenuDefaultItem
IsClipboardFormatAvailable
SetCaretPos
SetClipboardData
EmptyClipboard
UnregisterClassA
UnregisterClassW
CreateCaret
DestroyCaret
ScrollWindow
ShowScrollBar
GetDoubleClickTime
GetMessageTime
GetUpdateRect
IntersectRect
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
FindWindowExA
FindWindowExW
CreateMDIWindowA
CreateMDIWindowW
CreateWindowExA
CreateWindowExW
RegisterClassA
RegisterClassW
ScreenToClient
TrackPopupMenu
GetSystemMenu
KillTimer
SetCursor
GetMenuStringA
GetMenuStringW
LoadStringA
LoadStringW
SendMessageW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorA
TranslateAcceleratorW
DispatchMessageA
DispatchMessageW
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
SetWindowLongA
SetWindowLongW
GetWindowLongA
GetWindowLongW
SetClassLongA
SetClassLongW
GetClassLongA
GetClassLongW
GetKeyNameTextA
GetKeyNameTextW
DefWindowProcA
DefWindowProcW
InvalidateRect
UpdateWindow
ValidateRect
GetDC
GetClientRect
GetSysColorBrush
FillRect
DrawEdge
GetFocus
DrawFocusRect
DestroyMenu
DefMDIChildProcA
DefMDIChildProcW
SetFocus
ClientToScreen
EnableMenuItem
ShowWindow
TranslateMessage
ShowCaret
ModifyMenuA
IsWindowEnabled
GetSysColor
DrawStateA
ReleaseDC
IsWindowUnicode
CallWindowProcA
CallWindowProcW
GetDlgCtrlID
GetParent
PostMessageA
GetCursorPos
PtInRect
GetWindowRect
DestroyWindow
SendMessageA
MessageBoxW
DestroyAcceleratorTable
LoadCursorFromFileA

gdi32

GdiEntry9
PolyTextOutW
EngQueryLocalTime
GdiAlphaBlend
GdiQueryTable
BRUSHOBJ_hGetColorTransform
GdiGetSpoolMessage
GetSystemPaletteEntries
SetBrushOrgEx
EngCopyBits
CreateICA
EnumEnhMetaFile
HT_Get8BPPMaskPalette
CreateDIBPatternBrush
UnrealizeObject
EngGradientFill
GetTextMetricsA
EngAlphaBlend
GetTextExtentExPointW
STROBJ_bEnumPositionsOnly
GetAspectRatioFilterEx
GdiDllInitialize
CreateSolidBrush
CLIPOBJ_ppoGetPath
SetEnhMetaFileBits
SetAbortProc
GetPixel
bInitSystemAndFontsDirectoriesW
SaveDC
GetKerningPairsW
XLATEOBJ_hGetColorTransform
EnumFontFamiliesA
ExtSelectClipRgn
SetDeviceGammaRamp
MoveToEx
QueryFontAssocStatus
SelectPalette
CreateDCA
GdiEntry5
GdiGetCodePage
AddFontResourceTracking
CreateFontIndirectExW
ColorCorrectPalette
GdiEntry2
GetStockObject
GetEnhMetaFileA

comdlg32

PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
ChooseColorW
PrintDlgW
PrintDlgA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegEnumValueW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW

shell32

ShellExecuteExW
SHChangeNotify
SHGetMalloc
DragAcceptFiles
ShellExecuteA
ShellExecuteW
DragQueryFileA
DragQueryFileW
DragFinish
SHBindToParent
ExtractAssociatedIconExA
SHGetIconOverlayIndexW
DragQueryPoint
CheckEscapesW
ExtractIconW
DoEnvironmentSubstW
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFolderPathA
DragQueryFileAorW
SHInvokePrinterCommandA
SHGetDataFromIDListA

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
DoDragDrop

imm32

ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmEscapeW
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata4
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch2/Updates/1955_4ecb45f75ff05d586aa7847140e82c11_exe.bin
.exe windows:4 windows x86 arch:x86

a3cf94576982861bbb8d87972dfc65fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
StrRetToStrA
PathIsUNCA

kernel32

GetFullPathNameA
GetShortPathNameA
CreateFileA
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
Sleep
FatalAppExitA
VirtualFree
GetVolumeInformationA
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetCurrentDirectoryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
GetThreadLocale
GetAtomNameA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
lstrcmpW
GetModuleHandleA
GetVersionExA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
InterlockedExchange
LoadLibraryExW
LoadLibraryExA
GetProcAddress
GetCurrentProcess
GetTickCount
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapDestroy

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassA
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
SetParent
UnionRect
PostThreadMessageA
SetTimer
KillTimer
GetDCEx
LockWindowUpdate
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
PostQuitMessage
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
SendMessageA
GetParent
EnableWindow
DrawIcon
AppendMenuA
GetSystemMenu
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
CharLowerA
CharLowerW
CharUpperA
CharUpperW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
SetWindowPlacement
PtInRect
SetScrollInfo
GetScrollInfo
CopyRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetSysColor
GetDlgItemInt

gdi32

CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBPatternBrushPt
CombineRgn
GetMapMode
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
CopyMetaFileA
SetRectRgn
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCA
SetWindowOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RegCreateKeyA

shell32

DragQueryFileA
DragFinish
ExtractIconA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA

oledlg

ord8

ole32

CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CoRevokeClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleIsCurrentClipboard
OleSetClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CLSIDFromProgID

oleaut32

SafeArrayCopy
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
VarDateFromStr
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
LoadTypeLi

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch3/Modules/1756_eba36259725f65d48b53be571a8c4c5f_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1757_ae1522f062eefa2fcaad60082feab4bb_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1758_cc90df00701cefecee3a82a345c52802_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1759_831f2a06a22c3ff8dbeb26638ed3818f_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1760_710aa5669e167cd83ad6a0f78b749d16_dll.bin
.dll windows:6 windows x86 arch:x86

d4ed304ff68a00a58b0805ce78d7cdf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreW
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
TryEnterCriticalSection
SetEvent
GetTickCount
ResetEvent
CreateEventW
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryW
LocalFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetProcAddress
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetQueuedCompletionStatus
GetLastError
CloseHandle
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
LCMapStringW
CompareStringW
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateFileW
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
UnmapViewOfFile
GetProcessHeap
RaiseException
SetFilePointerEx
GetFileType
SetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
ExitThread
ResumeThread
GetCurrentProcessId
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
EncodePointer
DecodePointer
SetConsoleCtrlHandler
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetStartupInfoW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW

ws2_32

listen
getnameinfo
inet_addr
sendto
select
connect
htonl
getaddrinfo
getsockname
freeaddrinfo
getsockopt
WSAGetLastError
accept
WSAIoctl
socket
recv
send
getpeername
setsockopt
bind
WSAGetOverlappedResult
closesocket
WSASetLastError
ioctlsocket
WSARecv
WSASend

iphlpapi

GetIpAddrTable
GetBestRoute

ntdll

RtlUnwind

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1767_73ac89ce534d75a789173e3bd1d5c226_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Modules/1768_01e18ca5e12c6f2586110b624e867710_dll.bin
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epoch3/Payloads/1797_bb6b16d34e8e7b8f42e920d9e3964a75_exe.bin
.exe windows:4 windows x86 arch:x86

0dd2844b6ae88c65e99075801c22473a

Code Sign

56:b9:b7:ac:b3:e0:6b:a7:42:c1:9d:ee:be:c5:86:39
Certificate

Issuer

CN=NAQOGKCAJPBHHBHGUY

Not Before

28-07-2020 20:22

Not After

31-12-2039 23:59

Subject

CN=NAQOGKCAJPBHHBHGUY

Extended Key Usages

ExtKeyUsageCodeSigning

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2
Signer

Actual PE Digest

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
HeapCreate
IsBadCodePtr
IsBadWritePtr
GetTempPathW
SetFileTime
GetExitCodeProcess
GetCurrentThreadId
CompareFileTime
GetFileTime
FindClose
GetTickCount
EnumSystemCodePagesW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
lstrcmpA
GetProcessHeap
GetVersionExA
GetACP
GetOEMCP
GetUserDefaultLangID
GetLocaleInfoA
GetStartupInfoA
CreateEventA
GetLastError
WaitForSingleObject
FreeLibrary
MulDiv
SetEvent
CloseHandle
GlobalLock
GlobalUnlock
Sleep
ExitProcess
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
CreateProcessA
CreateProcessW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SearchPathA
SearchPathW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleW
LoadLibraryA
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
FindFirstFileA
FindFirstFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
CreateFileA
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
FindNextFileA
FindNextFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetModuleHandleA
GetProcAddress
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree
HeapDestroy
GlobalAlloc
SetTimeZoneInformation
InterlockedIncrement
LocalFlags
GetProfileSectionA
SetConsoleOutputCP
AllocConsole
CreateRemoteThread
GetLongPathNameW
IsBadHugeReadPtr
SetConsoleActiveScreenBuffer
GetDefaultCommConfigA
LCMapStringW
Process32First
CreateDirectoryExA
VirtualQuery
ClearCommError
DisconnectNamedPipe
GetProfileStringW
WriteConsoleOutputAttribute
GlobalAddAtomA
GetEnvironmentVariableW
GetConsoleAliasExesW
SetUnhandledExceptionFilter
TlsFree
ConvertThreadToFiber
FindFirstChangeNotificationW
CreateDirectoryW
FindNextVolumeA
CreateThread
RtlFillMemory
HeapCompact
SetComputerNameW
DosDateTimeToFileTime
LocalAlloc
EnumCalendarInfoW
WritePrivateProfileStructW
VirtualAllocEx

user32

CreatePopupMenu
GetKeyState
DefFrameProcW
PostQuitMessage
ModifyMenuW
DestroyIcon
DestroyCursor
SetTimer
GetWindow
DefFrameProcA
CheckMenuItem
GetQueueStatus
GetKeyboardState
CheckMenuRadioItem
GetSystemMetrics
DrawMenuBar
DeleteMenu
GetSubMenu
LoadCursorA
GetKeyboardLayout
IsWindowVisible
GetClassNameW
GetClassNameA
SetWindowPos
SetScrollInfo
GetScrollInfo
ReleaseCapture
CallNextHookEx
MapVirtualKeyW
MapVirtualKeyA
UnhookWindowsHookEx
GetDlgItem
EndDialog
IsChild
RedrawWindow
MoveWindow
SetCapture
ActivateKeyboardLayout
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoA
LoadMenuA
LoadMenuW
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
CreateDialogParamW
CreateDialogParamA
DialogBoxParamW
DialogBoxParamA
EnumThreadWindows
WaitForInputIdle
BringWindowToTop
EnableWindow
CloseClipboard
GetClipboardData
OpenClipboard
MessageBeep
SetCursorPos
DrawTextW
DrawTextA
GetKeyboardLayoutList
EnumWindows
SetActiveWindow
GetActiveWindow
EndPaint
DrawFrameControl
BeginPaint
GetCapture
FrameRect
SetDlgItemInt
GetDlgItemInt
SetWindowsHookExA
CharUpperA
RegisterClipboardFormatA
HideCaret
SetMenuDefaultItem
IsClipboardFormatAvailable
SetCaretPos
SetClipboardData
EmptyClipboard
UnregisterClassA
UnregisterClassW
CreateCaret
DestroyCaret
ScrollWindow
ShowScrollBar
GetDoubleClickTime
GetMessageTime
GetUpdateRect
IntersectRect
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
FindWindowExA
FindWindowExW
CreateMDIWindowA
CreateMDIWindowW
CreateWindowExA
CreateWindowExW
RegisterClassA
RegisterClassW
ScreenToClient
TrackPopupMenu
GetSystemMenu
KillTimer
SetCursor
GetMenuStringA
GetMenuStringW
LoadStringA
LoadStringW
SendMessageW
IsDialogMessageA
IsDialogMessageW
TranslateAcceleratorA
TranslateAcceleratorW
DispatchMessageA
DispatchMessageW
PeekMessageA
PeekMessageW
GetMessageA
GetMessageW
GetDlgItemTextA
GetDlgItemTextW
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
SetWindowLongA
SetWindowLongW
GetWindowLongA
GetWindowLongW
SetClassLongA
SetClassLongW
GetClassLongA
GetClassLongW
GetKeyNameTextA
GetKeyNameTextW
DefWindowProcA
DefWindowProcW
InvalidateRect
UpdateWindow
ValidateRect
GetDC
GetClientRect
GetSysColorBrush
FillRect
DrawEdge
GetFocus
DrawFocusRect
DestroyMenu
DefMDIChildProcA
DefMDIChildProcW
SetFocus
ClientToScreen
EnableMenuItem
ShowWindow
TranslateMessage
ShowCaret
ModifyMenuA
IsWindowEnabled
GetSysColor
DrawStateA
ReleaseDC
IsWindowUnicode
CallWindowProcA
CallWindowProcW
GetDlgCtrlID
GetParent
PostMessageA
GetCursorPos
PtInRect
GetWindowRect
DestroyWindow
SendMessageA
MessageBoxW
DestroyAcceleratorTable
LoadCursorFromFileA

gdi32

GdiEntry9
PolyTextOutW
EngQueryLocalTime
GdiAlphaBlend
GdiQueryTable
BRUSHOBJ_hGetColorTransform
GdiGetSpoolMessage
GetSystemPaletteEntries
SetBrushOrgEx
EngCopyBits
CreateICA
EnumEnhMetaFile
HT_Get8BPPMaskPalette
CreateDIBPatternBrush
UnrealizeObject
EngGradientFill
GetTextMetricsA
EngAlphaBlend
GetTextExtentExPointW
STROBJ_bEnumPositionsOnly
GetAspectRatioFilterEx
GdiDllInitialize
CreateSolidBrush
CLIPOBJ_ppoGetPath
SetEnhMetaFileBits
SetAbortProc
GetPixel
bInitSystemAndFontsDirectoriesW
SaveDC
GetKerningPairsW
XLATEOBJ_hGetColorTransform
EnumFontFamiliesA
ExtSelectClipRgn
SetDeviceGammaRamp
MoveToEx
QueryFontAssocStatus
SelectPalette
CreateDCA
GdiEntry5
GdiGetCodePage
AddFontResourceTracking
CreateFontIndirectExW
ColorCorrectPalette
GdiEntry2
GetStockObject
GetEnhMetaFileA

comdlg32

PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
ChooseColorW
PrintDlgW
PrintDlgA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegEnumValueW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW

shell32

ShellExecuteExW
SHChangeNotify
SHGetMalloc
DragAcceptFiles
ShellExecuteA
ShellExecuteW
DragQueryFileA
DragQueryFileW
DragFinish
SHBindToParent
ExtractAssociatedIconExA
SHGetIconOverlayIndexW
DragQueryPoint
CheckEscapesW
ExtractIconW
DoEnvironmentSubstW
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFolderPathA
DragQueryFileAorW
SHInvokePrinterCommandA
SHGetDataFromIDListA

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
DoDragDrop

imm32

ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmEscapeW
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata4
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Epoch3/Updates/1807_939a7892090d79a67b694f009de8a7f2_exe.bin
.exe windows:4 windows x86 arch:x86

92611b2610edfbf2072755f0e925c7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord567
ord823
ord2135
ord825
ord818
ord1949
ord433
ord4034
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord2124
ord4427
ord807
ord796
ord674
ord6491
ord554
ord529
ord366
ord620
ord5871
ord6000
ord2117
ord6565
ord6619
ord4163
ord6625
ord4457
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4160
ord6215
ord617
ord5301
ord5214
ord296
ord5241
ord520
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1841
ord4241
ord4589
ord4533
ord5076
ord4340
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord860
ord364
ord784
ord2339
ord2370
ord2362
ord2302
ord5260
ord537
ord5677
ord3495
ord4720
ord2535
ord6334
ord4508
ord4347
ord801
ord6143
ord541
ord6883
ord539
ord3525
ord5575
ord839
ord850
ord858
ord3499
ord2515
ord355
ord1572
ord434
ord2864
ord6283
ord6282
ord1576
ord4407
ord1776
ord4078
ord6055
ord540
ord535
ord800
ord986
ord4033
ord1168

msvcrt

wcslen
atoi
__dllonexit
_setmbcp
_onexit
_exit
_XcptFilter
exit
_acmdln
_initterm
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryExA
LoadLibraryExW
lstrcmpiA
GetModuleHandleA
GetStartupInfoA
SizeofResource

user32

GetForegroundWindow
GetWindowTextA
GetParent
IsWindow
LoadCursorA
SetCursor
GetSystemMetrics
SendMessageA
UpdateWindow
GetSystemMenu
EnableWindow
IsIconic

oleaut32

VariantClear

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Winit@std@@QAE@XZ

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 102KB - Virtual size: 103KB

.reloc Size: 1024B - Virtual size: 948B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 355KB - Virtual size: 357KB

.reloc Size: 1024B - Virtual size: 952B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 73KB - Virtual size: 81KB

.reloc Size: 512B - Virtual size: 460B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 3KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 424B

d4ed304ff68a00a58b0805ce78d7cdf2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

ntdll

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 9KB - Virtual size: 28KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 168KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 1012B

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 165KB - Virtual size: 167KB

.reloc Size: 1024B - Virtual size: 1004B

cb08a7d426e4c994ca11ebd8bf151f0f

Code Sign

67:6a:9a:92:61:41:80:9d:49:17:11:e2:bd:5e:22:caCertificate

Extended Key Usages

7e:8d:d1:d4:69:da:4d:92:29:d7:2f:3d:0a:b1:4a:36:75:78:d9:76Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata4 Size: 512B - Virtual size: 483B

.rdata3 Size: 512B - Virtual size: 483B

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 102KB - Virtual size: 103KB

.reloc
Size: 1024B - Virtual size: 948B

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 355KB - Virtual size: 357KB

.reloc
Size: 1024B - Virtual size: 952B

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 73KB - Virtual size: 81KB

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 3KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 424B

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 9KB - Virtual size: 28KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 168KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 165KB - Virtual size: 167KB

.reloc
Size: 1024B - Virtual size: 1004B

67:6a:9a:92:61:41:80:9d:49:17:11:e2:bd:5e:22:ca
Certificate

7e:8d:d1:d4:69:da:4d:92:29:d7:2f:3d:0a:b1:4a:36:75:78:d9:76
Signer

.text
Size: 514KB - Virtual size: 513KB

.rdata4
Size: 512B - Virtual size: 483B

.rdata3
Size: 512B - Virtual size: 483B

.rdata2
Size: 512B - Virtual size: 483B

.rdata
Size: 512B - Virtual size: 280B

.data
Size: 113KB - Virtual size: 112KB

.rdata5
Size: 512B - Virtual size: 483B

.rsrc
Size: 2KB - Virtual size: 1KB

56:b9:b7:ac:b3:e0:6b:a7:42:c1:9d:ee:be:c5:86:39
Certificate

60:83:6f:ae:b8:be:ac:89:27:29:7e:26:30:03:17:86:0e:90:f9:e2
Signer

.text
Size: 513KB - Virtual size: 513KB

.rdata4
Size: 512B - Virtual size: 483B

.rdata3
Size: 512B - Virtual size: 483B

.rdata2
Size: 512B - Virtual size: 483B

.rdata
Size: 512B - Virtual size: 280B

.data
Size: 109KB - Virtual size: 109KB

.rdata5
Size: 512B - Virtual size: 483B

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 668KB - Virtual size: 667KB