Rack[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Rack.rar
Size

4.1MB
MD5

3418aecc442e8c75214e7ecb53a49a19
SHA1

93c952b8d2c5b71b683c83955289562035da19bf
SHA256

526b432752bac2edc49ee4a3cc2428f5d7249fa3afe66deba5d23e12e4bce68c
SHA512

93a2881eacf71e82401860149f7d073c41279eecbb8cbb1bd6a6391a1c751f29bd15fadb00334fa44e295c79f7f714912b8aff1ff690751933e069d310a0f57b
SSDEEP

98304:VDoT37zyXdl8PRcYN7NR/+E7K5YhCjSXE1b+1TtPxGjbZLPWxr:JoT37zy4PRz7zqoCjSXEUhPkZLWl

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Rack/023f69ef6dae03563d033b53730b56c53cedcb376d253ada613fd98c9a9ee010
unpack001/Rack/311d088d7c22fea0c84e1f53d3ba5dd8fb9429a2cf7476e061d061c40c20d8c2
unpack001/Rack/47f84419a3c49e289492b9e348c14c268b117cd26964746fa65318c893cbe81f
unpack001/Rack/5578d702c7fd246e11f71c4edb27b316ca267c6161effab324c9f6e6260bc9e5
unpack001/Rack/5606ce60e5b92f774579a2e60d76a1eaccbf946df8bd5fe828ef343856b7af56
unpack001/Rack/6235491cac4d58eb04c20f1649de6b3381972cdd33158b797fa6f6845afcd2c9
unpack001/Rack/666a3daa2ef51e1b14e0abeddecce8ba836a27cc37781899c88a3b6f328d17e6
unpack001/Rack/6a08b51e02a7b510972907c326041222ff4632ba53b89573fca7e80b59c4e168
unpack001/Rack/73809e9329c76c069035ac65dd9645c87aee3459a0f62b0fab1a640b56b6a34e
unpack001/Rack/849ebe96bbc8cb10dc7f980e272aea06dbedc66d7228ff1333542a7ff6aa017c
unpack001/Rack/8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
unpack001/Rack/d4d53c64cb46b4a286bdfdecaa928ed77942d8838506356bfbb6b8da8349c191
unpack001/Rack/e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
unpack001/Rack/e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
unpack001/Rack/e98b1768aa5636c335985669c52319f9226089f9298dd5f9840c062bf8dcd18d
unpack001/Rack/fc330047cbdd7edc5776a5ef560e9ca73f3986ccd17f0e775a57b563dd8a2cdd

Files

Rack.rar
.rar
Rack/023f69ef6dae03563d033b53730b56c53cedcb376d253ada613fd98c9a9ee010
.exe windows:5 windows x86 arch:x86

eb90529bd6b08ab31823ecfc23a6582c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

PDB Paths

C:\heyi\lejuzow_gijusiterefux wolurihitudum43_jop limalo34_jo.pdb

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
OpenSemaphoreW
CreateFileMappingA
LoadLibraryA
GetModuleFileNameW
GetProcessShutdownParameters
GetFirmwareEnvironmentVariableA
EnumResourceTypesA
EndUpdateResourceW
GetProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetCurrentDirectoryW
CreateDirectoryExW
DefineDosDeviceA
lstrcmpA
GetCompressedFileSizeW
DeleteFileW
SearchPathA
CopyFileW
IsBadStringPtrW
CommConfigDialogW
GetDefaultCommConfigW
OpenJobObjectA
QueryInformationJobObject
ReleaseActCtx
GetCalendarInfoA
GetSystemDefaultLCID
ReadConsoleInputW
ScrollConsoleScreenBufferW
WriteConsoleW
CreateMailslotW
GetNamedPipeInfo
FindClose
CancelDeviceWakeupRequest
UnlockFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetExitCodeProcess
HeapReAlloc
HeapAlloc
VirtualAlloc
GlobalFree
GlobalAlloc
GetFileAttributesExW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
GetFileType
GetStringTypeW
DecodePointer
CloseHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
LCMapStringW
SetStdHandle
GetProcessHeap
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW

user32

DestroyCursor
GetMonitorInfoW

advapi32

QueryServiceConfigW
RegQueryValueExW
RegQueryValueA
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
GetFileSecurityA
GetSecurityDescriptorControl
AddAccessDeniedAce
GetAce
AreAllAccessesGranted
ObjectPrivilegeAuditAlarmA
ClearEventLogA
RegisterServiceCtrlHandlerA

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.satucez
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.coso
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/311d088d7c22fea0c84e1f53d3ba5dd8fb9429a2cf7476e061d061c40c20d8c2
.exe windows:5 windows x86 arch:x86

77be065e3e9688d9deec9fb09894d187

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
EraseTape
DeleteFileA
CreatePipe
CreateMutexA
CreateFileMappingW
FlushInstructionCache
CreateEventA
CompareFileTime
CloseHandle
CancelTimerQueueTimer
lstrlenA
VirtualAlloc
FormatMessageA
FreeLibrary
GetACP
GetCommandLineA
GetComputerNameA
GetComputerNameW
GetCurrencyFormatA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
lstrlenW
lstrlen
lstrcpyn
lstrcpyW
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualProtectEx
VerSetConditionMask
UnhandledExceptionFilter
TerminateProcess
Sleep
SetUnhandledExceptionFilter
SetSystemTimeAdjustment
SetLocaleInfoA
SetLastError
SetHandleCount
SetFilePointer
SetEvent
SetEnvironmentVariableA
ScrollConsoleScreenBufferW
ReleaseMutex
ReadFile
QueryPerformanceCounter
OpenMutexA
OpenFile
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryA
GetModuleHandleA
IsDBCSLeadByte
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalGetAtomNameW
GlobalFree
GlobalDeleteAtom
GlobalAlloc
CreateFileA
GlobalAddAtomA

user32

SetScrollPos
SetScrollRange
SetWindowLongA
SetWindowPlacement
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
TranslateAcceleratorA
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
WinHelpA
wsprintfA
OpenClipboard
MoveWindow
ModifyMenuA
MessageBoxA
MessageBeep
MapDialogRect
LoadStringW
LoadStringA
LoadCursorA
LoadBitmapA
LoadAcceleratorsA
IsWindow
IsDlgButtonChecked
IsClipboardFormatAvailable
IsCharAlphaNumericA
InvalidateRect
IntersectRect
InflateRect
InSendMessage
GetWindowPlacement
GetWindowLongA
GetWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetMessageTime
GetMessageA
GetMenuStringA
GetMenuItemCount
GetMenu
GetKeyState
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
SetForegroundWindow
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardData
GetClientRect
FrameRect
FindWindowA
FillRect
EnumDesktopsA
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextA
DrawMenuBar
DrawIcon
DrawFocusRect
DispatchMessageA
DialogBoxParamA
DestroyWindow
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
DdeUninitialize
DdeUnaccessData
DdeSetUserHandle
DdeQueryConvInfo
DdeKeepStringHandle
DdeInitializeA
DdeGetLastError
DdeGetData
DdeFreeStringHandle
DdeFreeDataHandle
DdeDisconnect
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeAccessData
CreateWindowExW
CreateWindowExA
CountClipboardFormats
CopyRect
CloseClipboard
CheckMenuItem
CheckDlgButton
ChangeMenuA
ChangeClipboardChain
BeginPaint
AppendMenuA
AdjustWindowRectEx
SendMessageA
SetFocus
SetDoubleClickTime
SetDlgItemTextA
SetCursor
SetClipboardViewer
SetClipboardData
SetCapture
SendDlgItemMessageA
ScrollWindow
ReleaseDC
ReleaseCapture
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassA
PostQuitMessage
PostMessageA
GetClipboardOwner
PeekMessageA
LoadIconA
IsIconic

gdi32

BitBlt
ColorCorrectPalette
CreateBitmap
CreateBitmapIndirect
CreateDIBitmap
CreateFontA
CreateFontIndirectA
CreatePalette
CreateSolidBrush
DeleteObject
EngCheckAbort
EnumMetaFile
ExcludeClipRect
GetBitmapBits
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetMetaFileBitsEx
GetObjectA
GetPaletteEntries
GetPath
GetStockObject
GetTextExtentPointA
GetTextExtentPointW
GetTextMetricsA
GetWindowOrgEx
HT_Get8BPPFormatPalette
IntersectClipRect
DeleteEnhMetaFile
PlayEnhMetaFile
PlayMetaFile
PlayMetaFileRecord
PolyTextOutW
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBrushOrgEx
SetColorAdjustment
SetDIBitsToDevice
SetEnhMetaFileBits
SetMapMode
SetMetaFileBitsEx
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt
TextOutA
TextOutW
TranslateCharsetInfo
CreateCompatibleDC
PatBlt
AddFontResourceA
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExW
RegOpenKeyW
AddAccessAllowedAce
AdjustTokenPrivileges
CloseServiceHandle
EqualSid
GetAce
GetLengthSid
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
LookupPrivilegeValueA
MakeSelfRelativeSD
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceStatus
RegCloseKey
SetSecurityDescriptorDacl
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteA
SHQueryRecycleBinA
SHPathPrepareForWriteA
ExtractAssociatedIconExW
SHAddToRecentDocs
SHGetDataFromIDListA
ShellHookProc
SHGetPathFromIDList
SHGetSpecialFolderPathA
SHLoadNonloadedIconOverlayIdentifiers

shlwapi

StrChrIA
StrCmpNIW
StrCmpNW
StrChrA
StrRStrIA

comctl32

CreateToolbarEx

winmm

timeGetTime

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
exit
sscanf

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.po1
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

e2
Size: 512B - Virtual size: 191B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.po3
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.po5
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.po1
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.po2
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.po4
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/47f84419a3c49e289492b9e348c14c268b117cd26964746fa65318c893cbe81f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/5578d702c7fd246e11f71c4edb27b316ca267c6161effab324c9f6e6260bc9e5
.exe windows:5 windows x86 arch:x86

1c905d3d4c93b0360c86a969e3123c38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtQueryInformationFile
NtClose
NtReadFile
NtWriteFile

shlwapi

PathCombineW

kernel32

InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
SetLastError
TlsFree
DecodePointer
GetCurrentProcess
GetTickCount
GetCurrentThread
GetProcessHeap
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetThreadTimes
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
HeapDestroy
HeapCreate
HeapSize
MultiByteToWideChar
SetUnhandledExceptionFilter
CreateDirectoryW
GetFileAttributesW
CreateFileW
GetLastError
SetFileAttributesW
GetModuleHandleW
GetProcAddress
LocalFree
GetFileType
GetSystemTimeAsFileTime
GetVersionExW
GetThreadContext
SetThreadContext
CreateProcessW
VirtualFreeEx
TerminateProcess
GetModuleFileNameW
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
CreateThread
CreateMutexW
IsProcessorFeaturePresent
InitializeCriticalSection
Sleep
LeaveCriticalSection
OpenMutexW
EnterCriticalSection
CreateEventW
DeleteCriticalSection
WTSGetActiveConsoleSessionId
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
LCMapStringW
GetStringTypeW
LoadLibraryW
GetNativeSystemInfo
WaitForSingleObject
HeapSetInformation
GetCommandLineA

user32

GetFocus
GetCapture
GetKBCodePage
GetForegroundWindow
GetDesktopWindow
GetActiveWindow
GetShellWindow
GetOpenClipboardWindow
GetClipboardOwner

advapi32

RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteExW
ord680

ole32

CoInitializeEx

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/5606ce60e5b92f774579a2e60d76a1eaccbf946df8bd5fe828ef343856b7af56
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc1
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.test
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rack/6235491cac4d58eb04c20f1649de6b3381972cdd33158b797fa6f6845afcd2c9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/666a3daa2ef51e1b14e0abeddecce8ba836a27cc37781899c88a3b6f328d17e6
.exe windows:5 windows x86 arch:x86

00d90f5afd56b60654bdc569a2c7c2e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

PDB Paths

C:\pub15-cotetuc66-kiyoxiveyewup_nupu.pdb

Imports

kernel32

CreateMailslotW
lstrcmpW
lstrcpyA
lstrcatA
lstrlenA
OpenSemaphoreW
LoadLibraryA
GetModuleFileNameW
GetProcessShutdownParameters
GetFirmwareEnvironmentVariableW
EnumResourceTypesA
EndUpdateResourceW
GetProfileStringA
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetCurrentDirectoryW
GetDiskFreeSpaceExA
GetNamedPipeInfo
DefineDosDeviceA
GetFileAttributesExW
DeleteFileW
CopyFileW
CreateNamedPipeA
IsBadStringPtrA
CommConfigDialogW
GetDefaultCommConfigW
OpenJobObjectW
QueryInformationJobObject
ReleaseActCtx
GetCalendarInfoA
GetSystemDefaultLCID
ReadConsoleInputA
WriteConsoleW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ClearCommBreak
FindClose
CancelDeviceWakeupRequest
GetFileSizeEx
UnlockFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetExitCodeProcess
HeapReAlloc
HeapAlloc
VirtualAlloc
GlobalFree
GlobalAlloc
CreateDirectoryExA
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
GetFileType
GetStringTypeW
DecodePointer
CloseHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
LCMapStringW
SetStdHandle
GetProcessHeap
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW

user32

InsertMenuItemW
GetMonitorInfoW

advapi32

RegQueryValueExW
RegQueryValueA
RegOpenKeyExW
RegFlushKey
RegEnumKeyExA
RegCreateKeyA
RegCloseKey
GetFileSecurityA
GetSecurityDescriptorControl
AddAccessDeniedAce
DeleteAce
AreAllAccessesGranted
ObjectPrivilegeAuditAlarmW
RevertToSelf
ClearEventLogA
RegisterServiceCtrlHandlerA

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 32.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mik
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nih
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/6a08b51e02a7b510972907c326041222ff4632ba53b89573fca7e80b59c4e168
.exe windows:4 windows x86 arch:x86

f622cc721bf8c5cc1be479f646f7409a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord815
ord561
ord825
ord1131
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord823
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4480
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord560
ord813
ord5256
ord3658
ord3614
ord3621
ord800
ord2406
ord4128
ord4292
ord540
ord5784
ord472
ord2371
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord807
ord796
ord674
ord554
ord529
ord366
ord2486
ord2619
ord2618
ord5996
ord2109
ord4158
ord6617
ord4451
ord5248
ord1569
ord6371
ord4269
ord4604
ord4381
ord4606
ord1165

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_wcmdln
exit
_XcptFilter
_exit
_ftol
__CxxFrameHandler
__wgetmainargs

kernel32

CreateFileA
GetModuleHandleW
GetStartupInfoW
GetModuleFileNameA

user32

EnableWindow
InvalidateRect

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/73809e9329c76c069035ac65dd9645c87aee3459a0f62b0fab1a640b56b6a34e
.exe windows:5 windows x86 arch:x86

6e08b45fca1081df38ebcd1427cb8f75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yajavinerebi-pahujugegun72 gehepibikalujesowa\johewapoh.pdb

Imports

kernel32

OpenSemaphoreA
lstrcatA
GetCalendarInfoW
ReadConsoleInputW
LoadLibraryA
DefineDosDeviceW
DeleteFileA
GlobalAlloc
lstrcpyA
HeapReAlloc
GetDefaultCommConfigA
LoadLibraryW
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetProcAddress
GetProfileStringW
OpenJobObjectA
CommConfigDialogW
CreateMailslotW
GetFileTime
CreateDirectoryExW
IsBadStringPtrW
WriteConsoleW
SetFilePointerEx
lstrcmpA
lstrlenA
GetFirmwareEnvironmentVariableA
FatalExit
EnumResourceTypesA
LockFile
SetProcessShutdownParameters
GetModuleFileNameW
DeviceIoControl
GlobalCompact
GetSystemDefaultLCID
GetFileAttributesExA
HeapAlloc
GetPrivateProfileSectionNamesA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
SetLastError
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
DecodePointer
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW

user32

IsWinEventHookInstalled

advapi32

GetPrivateObjectSecurity
RegQueryValueA
GetSecurityDescriptorControl
RegisterServiceCtrlHandlerW
ClearEventLogA
DeleteAce
ObjectPrivilegeAuditAlarmA
AddAccessDeniedAce
RegOpenKeyExW
RegCreateKeyW
RegEnumValueW
RegQueryValueExW
GetFileSecurityA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/849ebe96bbc8cb10dc7f980e272aea06dbedc66d7228ff1333542a7ff6aa017c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc1
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.test
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rack/8afc51fb904b25124bd5cb41985e917333071d1af1c6ab83cc7ae408e7cb0e7e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/d4d53c64cb46b4a286bdfdecaa928ed77942d8838506356bfbb6b8da8349c191
.exe windows:5 windows x86 arch:x86

3ac8ce146435879f6c6bfa04c90d6846

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gubiwonevohuru72\rukajitox40-micaz.pdb

Imports

kernel32

OpenSemaphoreW
LoadLibraryA
GetModuleFileNameW
GetProcessShutdownParameters
GetFirmwareEnvironmentVariableA
EnumResourceTypesA
EndUpdateResourceA
GetProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetCurrentDirectoryW
CreateDirectoryExW
DefineDosDeviceA
GetFileAttributesExW
DeleteFileW
CopyFileW
BackupRead
CommConfigDialogW
GetDefaultCommConfigW
OpenJobObjectA
QueryInformationJobObject
ReleaseActCtx
GetCalendarInfoW
GetSystemDefaultLCID
ReadConsoleInputW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
lstrlenA
lstrcatA
lstrcpyA
lstrcmpA
CreateMailslotW
FindClose
CancelDeviceWakeupRequest
UnlockFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetExitCodeProcess
HeapReAlloc
HeapAlloc
VirtualAlloc
GlobalCompact
GlobalAlloc
IsBadStringPtrW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
GetFileType
GetStringTypeW
DecodePointer
CloseHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
LCMapStringW
SetStdHandle
GetProcessHeap
RaiseException
HeapSize
CreateFileW

user32

ScrollWindowEx
DrawTextA
GetMenuItemCount
IsCharAlphaNumericW
CreateWindowStationW
GetMonitorInfoW

advapi32

RegQueryValueExW
RegQueryValueA
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
RegCloseKey
LookupAccountSidW
GetFileSecurityA
GetSecurityDescriptorControl
AddAccessDeniedAce
DeleteAce
GetAclInformation
AreAllAccessesGranted
ObjectPrivilegeAuditAlarmA
ClearEventLogA
RegisterServiceCtrlHandlerW

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rev
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bovomez
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/e58768c3df867270aa9e3177709415005914b39d272623e8d296106ad5cf125c
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rack/e98b1768aa5636c335985669c52319f9226089f9298dd5f9840c062bf8dcd18d
.exe windows:5 windows x86 arch:x86

44773074be5e1bbadcd74ccc0cd0179c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cafijukupinate\gi.pdb

Imports

kernel32

GetModuleFileNameW
GetProcessShutdownParameters
GetFirmwareEnvironmentVariableA
EnumResourceTypesA
EndUpdateResourceA
GetProfileStringA
GetPrivateProfileSectionNamesA
GetWindowsDirectoryA
GetCurrentDirectoryW
CreateDirectoryExW
DefineDosDeviceW
GetFileAttributesExW
DeleteFileW
CopyFileW
IsBadStringPtrW
LoadLibraryA
GetDefaultCommConfigW
OpenJobObjectA
ReleaseActCtx
GetCalendarInfoW
GetSystemDefaultLCID
ReadConsoleInputW
FlushConsoleInputBuffer
AllocConsole
CreateConsoleScreenBuffer
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
OpenSemaphoreA
lstrlenA
lstrcatA
lstrcpyA
lstrcmpA
CreateMailslotW
ClearCommBreak
GetFileTime
CancelDeviceWakeupRequest
LockFile
FreeEnvironmentStringsW
FatalExit
HeapReAlloc
HeapAlloc
GlobalCompact
GlobalAlloc
CommConfigDialogW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
GetFileType
GetStringTypeW
DecodePointer
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
LCMapStringW
SetStdHandle
GetProcessHeap
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
CreateFileW

user32

SetActiveWindow
SetKeyboardState
SetClipboardData
GetMonitorInfoW

advapi32

RegQueryValueExW
RegQueryMultipleValuesW
RegQueryValueA
RegOpenKeyExW
RegEnumValueW
RegCreateKeyW
RegCloseKey
SetKernelObjectSecurity
GetFileSecurityA
GetPrivateObjectSecurity
GetSecurityDescriptorControl
AddAccessDeniedAce
DeleteAce
ObjectPrivilegeAuditAlarmA
OpenBackupEventLogA
ClearEventLogA
RegisterServiceCtrlHandlerW

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xuden
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.roriv
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rack/fc330047cbdd7edc5776a5ef560e9ca73f3986ccd17f0e775a57b563dd8a2cdd
.exe windows:5 windows x86 arch:x86

274ad273613f6dea69e5537feb718233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtClose

kernel32

GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetThreadTimes
LoadLibraryA
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
HeapDestroy
HeapCreate
HeapSize
MultiByteToWideChar
SetUnhandledExceptionFilter
GetLastError
GetModuleHandleW
GetProcAddress
LocalFree
GetNativeSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
CloseHandle
GetThreadContext
SetThreadContext
GetProcessHeap
VirtualFreeEx
TerminateProcess
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
WTSGetActiveConsoleSessionId
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThread
GetTickCount
GetCurrentProcess
LoadLibraryW
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateProcessW
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW

user32

GetCapture
GetFocus
GetForegroundWindow
GetActiveWindow
GetClipboardOwner
GetShellWindow
GetOpenClipboardWindow
GetKBCodePage
GetDesktopWindow

advapi32

RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

shell32

ord680
ShellExecuteExW
SHGetFolderPathW

ole32

CoInitializeEx

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb90529bd6b08ab31823ecfc23a6582c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 8KB - Virtual size: 1.7MB

.satucez Size: 1024B - Virtual size: 1024B

.coso Size: 512B - Virtual size: 1B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 4KB - Virtual size: 4KB

77be065e3e9688d9deec9fb09894d187

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

shlwapi

comctl32

winmm

msvcrt

Sections

.text Size: 33KB - Virtual size: 32KB

.po1 Size: 378KB - Virtual size: 378KB

e2 Size: 512B - Virtual size: 191B

.po3 Size: 20KB - Virtual size: 19KB

.po5 Size: 21KB - Virtual size: 20KB

.rdata Size: 182KB - Virtual size: 182KB

.data Size: 46KB - Virtual size: 46KB

.po1 Size: 20KB - Virtual size: 19KB

.po2 Size: 28KB - Virtual size: 27KB

.po4 Size: 20KB - Virtual size: 19KB

.rsrc Size: 13KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 401KB - Virtual size: 400KB

DATA Size: 32KB - Virtual size: 32KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 27KB

.rsrc Size: 306KB - Virtual size: 305KB

1c905d3d4c93b0360c86a969e3123c38

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 3KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 8KB - Virtual size: 1.7MB

.satucez
Size: 1024B - Virtual size: 1024B

.coso
Size: 512B - Virtual size: 1B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 32KB

.po1
Size: 378KB - Virtual size: 378KB

e2
Size: 512B - Virtual size: 191B

.po3
Size: 20KB - Virtual size: 19KB

.po5
Size: 21KB - Virtual size: 20KB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 46KB - Virtual size: 46KB

.po1
Size: 20KB - Virtual size: 19KB

.po2
Size: 28KB - Virtual size: 27KB

.po4
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 13KB - Virtual size: 12KB

CODE
Size: 401KB - Virtual size: 400KB

DATA
Size: 32KB - Virtual size: 32KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 306KB - Virtual size: 305KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 3KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB

CODE
Size: 401KB - Virtual size: 400KB

DATA
Size: 32KB - Virtual size: 32KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.rsrc1
Size: - Virtual size:

.rsrc
Size: 305KB - Virtual size: 304KB

.rsrc
Size: 308KB - Virtual size: 308KB

.test
Size: 512B - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 72KB - Virtual size: 68KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 8KB - Virtual size: 32.2MB

.mik
Size: 1024B - Virtual size: 1024B

.nih
Size: 512B - Virtual size: 1B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 224KB - Virtual size: 220KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 1.6MB

.gfids
Size: 512B - Virtual size: 176B