e:\Amon You\Box\Box\obj\Debug\Box.pdb
Overview
overview
10Static
static
6AES-NI.exe
windows10-2004-x64
10Abrechnung.exe
windows10-2004-x64
8Box (2).exe
windows10-2004-x64
3Box.exe
windows10-2004-x64
3a66dde2298...43.exe
windows10-2004-x64
9a7768f4973...e0.exe
windows10-2004-x64
10aa7ff3bc28...1e.exe
windows10-2004-x64
7aace43af8d...99.exe
windows10-2004-x64
8ad3cc219a8...ws.dll
windows10-2004-x64
10aee03626b8...b1.exe
windows10-2004-x64
6afd3b729cf...2e.exe
windows10-2004-x64
10b56c4569d6...ss.exe
windows10-2004-x64
30.84762379...67.exe
windows10-2004-x64
3zsgblrbrum...ke.exe
windows10-2004-x64
3b7d9f11c16...b0.exe
windows10-2004-x64
5b8f60c64c7...af.exe
windows10-2004-x64
10Saldo.Pdf_...__.exe
windows10-2004-x64
bc557a7bfe...8f.exe
windows10-2004-x64
7bd2d4d4300...17.vbs
windows10-2004-x64
1be03e43db0...5F.exe
windows10-2004-x64
10be03e43db0...8A.exe
windows10-2004-x64
3be514549a2...1f.exe
windows10-2004-x64
9bfb8f7f6cb...-0.dll
windows10-2004-x64
8bldjad.ex1.exe
windows10-2004-x64
3bldjad.exe
windows10-2004-x64
3bldjad2.exe
windows10-2004-x64
5c145a26dd6...a0.exe
windows10-2004-x64
3c325092750...db.apk
windows10-2004-x64
3c36c46f4de...6e.exe
windows10-2004-x64
3c3dd2e3cf0...04.exe
windows10-2004-x64
3c71c26bf89...3_.exe
windows10-2004-x64
7c846282987...fd.exe
windows10-2004-x64
5Behavioral task
behavioral1
Sample
AES-NI.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
Abrechnung.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Box (2).exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
Box.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
a7768f4973ad7cf8217212a4d12dbae0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
aace43af8d0932a7b01c5b8fb71c8199.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
0.8476237917779167.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
zsgblrbrumorwxfizuke.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Saldo.Pdf______________________________________________________________.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
bd2d4d43009623941f49554f5932188154fc9d16d820e00db1281d057468b017.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
bfb8f7f6cbe24330a310e5c7cbe99ed4_api-ms-win-system-wer-l1-1-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
bldjad.ex1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
bldjad.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
bldjad2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.apk
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
c36c46f4de045ef332decc006694db6e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe
Resource
win10v2004-20241007-en
General
-
Target
Batch_5.zip
-
Size
10.7MB
-
MD5
840ef805274a90a6354a0f5d1c6f05f1
-
SHA1
856f756302fb8559edac0804324c6fec97382d84
-
SHA256
51b3773145652b5d559396a08e1282a3a1d92d4df473f774d61791386fca0598
-
SHA512
a1dbedebf1dc9007ea6781116d3b92e052d5110b34bcc83e87d7ba8736d1b9353bfaeb88de6b53f11ea661ef60231ae2280a4a7e54c4c3bd06cbe7f1aa864904
-
SSDEEP
196608:1iAo5dAtwAQT+rrxa/kHpuI7c/hDU9EPh3VkXI599o9kDD8xCO:1jCAtwAy+rrakDcpDU9uFNgaDQCO
Malware Config
Signatures
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description ioc Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN -
Requests dangerous framework permissions 7 IoCs
description ioc Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS Allows an application to read the user's contacts data. android.permission.READ_CONTACTS Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Required to be able to access the camera device. android.permission.CAMERA -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule static1/unpack002/out.upx autoit_exe -
resource yara_rule static1/unpack001/a7768f4973ad7cf8217212a4d12dbae0.exe upx static1/unpack001/b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe upx -
Unsigned PE 32 IoCs
Checks for missing Authenticode signature.
resource unpack001/AES-NI.exe unpack001/Abrechnung.exe unpack001/Box (2).exe unpack001/Box.exe unpack001/a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe unpack001/a7768f4973ad7cf8217212a4d12dbae0.exe unpack002/out.upx unpack001/aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe unpack001/aace43af8d0932a7b01c5b8fb71c8199.exe unpack001/ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.exe unpack001/aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe unpack001/afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe unpack001/b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe unpack003/0.8476237917779167.exe unpack003/zsgblrbrumorwxfizuke.exe unpack001/b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe unpack004/out.upx unpack001/b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe unpack005/Saldo.Pdf______________________________________________________________.exe unpack006/Transazione.Pdf______________________________________________________________.exe unpack001/bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe unpack001/be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe unpack001/be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe unpack001/be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe unpack001/bfb8f7f6cbe24330a310e5c7cbe99ed4_api-ms-win-system-wer-l1-1-0.dll unpack001/bldjad.ex1.exe unpack001/bldjad.exe unpack001/bldjad2.exe unpack001/c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe unpack001/c36c46f4de045ef332decc006694db6e.exe unpack001/c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe unpack001/c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe
Files
-
Batch_5.zip.zip
-
AES-NI.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 755KB - Virtual size: 760KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Abrechnung.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Box (2).exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 436KB - Virtual size: 435KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Box.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\Amon You\Box\Box\obj\Debug\Box.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 437KB - Virtual size: 437KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
a66dde22983583da6d3b1e5b9eb1e8fb019f5157eda508305942292c0d10fa43.exe.exe windows:5 windows x86 arch:x86
950df57a59e3f593262bcaf10cadc60e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
NtClose
kernel32
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetThreadTimes
LoadLibraryA
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
HeapDestroy
HeapCreate
HeapSize
MultiByteToWideChar
SetUnhandledExceptionFilter
GetLastError
GetModuleHandleW
GetProcAddress
LocalFree
GetNativeSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetThreadContext
SetThreadContext
CreateProcessW
VirtualFreeEx
GetProcessHeap
TerminateProcess
GetModuleFileNameW
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
CreateThread
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
OpenMutexW
EnterCriticalSection
DeleteCriticalSection
Sleep
WTSGetActiveConsoleSessionId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetCurrentThread
GetTickCount
GetCurrentProcess
LCMapStringW
GetStringTypeW
LoadLibraryW
IsProcessorFeaturePresent
SetLastError
TlsFree
DecodePointer
TlsSetValue
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
user32
GetKBCodePage
GetDesktopWindow
GetCapture
GetClipboardOwner
GetShellWindow
GetOpenClipboardWindow
GetFocus
GetActiveWindow
GetForegroundWindow
advapi32
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
shell32
ord680
ShellExecuteExW
SHGetFolderPathW
ole32
CoInitializeEx
Sections
.text Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
a7768f4973ad7cf8217212a4d12dbae0.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 472KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 264KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 514KB - Virtual size: 513KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
aa7ff3bc285bcb4ec48bf2f361f0ad0a1d9fc8f17b7323d2f0615ade68973c1e.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\ban cap nhat 26 11 2016\HiddenTear-master\HiddenTear-master\HiddenTear\obj\x86\Debug\HiddenTear.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 448KB - Virtual size: 448KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aace43af8d0932a7b01c5b8fb71c8199.exe.exe windows:4 windows x86 arch:x86
1c2a6fbef41572f4c9ce8acb5a63cde7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
winmm
timeEndPeriod
timeBeginPeriod
ws2_32
WSAGetOverlappedResult
kernel32
WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
Sections
.text Size: 885KB - Virtual size: 885KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 988KB - Virtual size: 988KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/4 Size: 512B - Virtual size: 274B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 127KB - Virtual size: 127KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/32 Size: 35KB - Virtual size: 35KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/46 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/63 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/80 Size: 512B - Virtual size: 34B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/99 Size: 244KB - Virtual size: 243KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/112 Size: 141KB - Virtual size: 140KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/124 Size: 43KB - Virtual size: 43KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.symtab Size: 194KB - Virtual size: 194KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de_PonyNews.exe.dll windows:4 windows x86 arch:x86
5c2bd224c81b6720b9c891fd4669dac3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
DeleteTimerQueueEx
GetCommandLineA
CreateActCtxA
GlobalAddAtomA
GlobalFindAtomW
GetLastError
VirtualProtect
AllocateUserPhysicalPages
AssignProcessToJobObject
CloseHandle
GetConsoleWindow
CreateMutexW
CreateConsoleScreenBuffer
DeactivateActCtx
GetLongPathNameA
CopyFileW
BackupRead
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
RaiseException
DelayLoadFailureHook
gdi32
GetStockObject
psapi
GetProcessMemoryInfo
GetWsChanges
GetModuleFileNameExA
GetModuleBaseNameW
GetDeviceDriverFileNameA
InitializeProcessForWsWatch
EmptyWorkingSet
EnumPageFilesW
GetModuleFileNameExW
GetModuleInformation
EnumProcessModules
GetDeviceDriverBaseNameA
EnumProcesses
rasapi32
RasHangUpA
RasGetEntryDialParamsA
RasGetEntryDialParamsW
RasEnumDevicesA
RasHangUpW
RasSetSubEntryPropertiesA
RasRenameEntryW
RasEnumDevicesW
RasScriptGetIpAddress
RasValidateEntryNameA
RasFreeEapUserIdentityW
RasGetConnectStatusA
RasGetEapUserIdentityW
RasFreeEapUserIdentityA
RasEnumConnectionsW
RasGetEntryPropertiesA
RasValidateEntryNameW
RasGetCredentialsA
RasGetCountryInfoA
RasAutoDialSharedConnection
RasGetAutodialAddressA
RasEnumAutodialAddressesW
RasSetSubEntryPropertiesW
RasSetAutodialEnableA
RasGetAutodialEnableW
RasAutodialAddressToNetwork
RasSetEntryDialParamsA
RasEditPhonebookEntryA
RasSetEntryPropertiesA
RasDeleteSubEntryA
RasGetAutodialEnableA
RasGetProjectionInfoA
RasGetProjectionInfoW
RasSetEntryPropertiesW
RasGetErrorStringA
RasSetAutodialEnableW
RasGetCredentialsW
RasConnectionNotificationW
RasGetAutodialParamW
RasSetEapUserDataW
RasGetAutodialParamA
RasGetSubEntryHandleA
RasCreatePhonebookEntryA
RasInvokeEapUI
RasIsSharedConnection
msimg32
TransparentBlt
d3dxof
DirectXFileCreate
mstask
_NetrJobGetInfo@12
_SASetNSAccountInformation@12
_SetNetScheduleAccountInformation@12
_GetNetScheduleAccountInformation@12
_NetrJobAdd@12
_NetrJobEnum@20
_SASetAccountInformation@20
tapi32
MMCRemoveProvider
lineUncompleteCall
lineNegotiateAPIVersion
lineSetupConferenceW
lineGatherDigitsW
lineGetLineDevStatusW
lineAgentSpecific
internalPerformance
tapiRequestMediaCallA
tapiGetLocationInfoW
lineGetMessage
lineRegisterRequestRecipient
lineAddProvider
phoneGetDevCaps
lineCreateAgentW
lineGenerateDigits
MMCGetPhoneStatus
lineCreateAgentA
MMCAddProvider
lineSetDevConfig
lineSetAgentMeasurementPeriod
lineSetTollList
lineParkA
lineBlindTransferW
lineHandoff
lineSendUserUserInfo
lineGetQueueInfo
lineGetDevConfigA
lineMakeCall
lineGetRequestA
lineAddToConference
lineSetupTransferW
phoneGetDevCapsW
lineSetCallData
lineConfigDialogEdit
lineGetIcon
lineGetAddressCaps
lineSetCallParams
phoneGetIconA
lineGatherDigits
lineNegotiateExtVersion
TAPIWndProc
lineGetCallStatus
lineGetIconW
linePickupA
lineGetDevCaps
lineGetNumRings
lineForwardW
lineSetMediaMode
phoneGetHookSwitch
lineShutdown
phoneConfigDialog
MMCInitialize
lineProxyMessage
lineMonitorDigits
phoneGetStatusA
lineDial
lineGetAddressCapsA
phoneSetButtonInfo
lineConfigProvider
lineGetAppPriority
lineCreateAgentSessionW
lineSetAgentSessionState
lineGetAddressID
lineGetQueueListW
lineForwardA
lineConfigDialogEditW
LOpenDialAsst
lineSetAgentGroup
phoneGetRing
lineTranslateDialogW
lineTranslateAddressA
lineGetAgentCapsW
lineBlindTransferA
internalRemoveLocation
lineGetLineDevStatus
phoneInitialize
lineGetCountryW
lineForward
lineGenerateTone
MMCSetLineInfo
lineSetTollListW
Exports
Exports
BrowserDevelope
CareDeny
ClientQueryConsole
ComeNeverA
DynamicHandleTime
FillAffected
FunctionParent
GoalOverviewTarget
IndicateCall
IsResultW
LimitFormattedW
NeedApplicationW
ProcessOperation
ProviderSearchA
PurchaseMethodProtected
ServerStart
SettingProperlyProductW
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ndata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aee03626b83a88b71b06899116cb7ce4b8092365103d69792b0c2d7153f24cb1.exe.exe windows:5 windows x86 arch:x86
50a39d8c933b48792bb6a3fa1490d04e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\StickyKeys\Beijing\Accuracy\GDI.pdb
Imports
kernel32
SetStdHandle
GetLocaleInfoA
HeapSize
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
GetStdHandle
TlsGetValue
GetFileType
SetHandleCount
GetModuleFileNameA
WriteFile
LCMapStringA
Sleep
GetModuleHandleW
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
LCMapStringW
GetStringTypeA
GetStringTypeW
lstrcpyA
AreFileApisANSI
lstrcpyW
FileTimeToLocalFileTime
CloseHandle
GetModuleHandleA
WTSGetActiveConsoleSessionId
DeviceIoControl
LoadLibraryA
GetLocalTime
GetPrivateProfileStringA
GlobalFree
FlushFileBuffers
GlobalUnlock
SetConsoleTitleA
MultiByteToWideChar
CreateFileW
ReadFile
EnumResourceLanguagesA
WriteConsoleW
CreateEventA
GlobalAlloc
GetProcessHeap
LockFile
HeapCreate
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetProcAddress
GetCurrentDirectoryW
ExitProcess
GetLastError
WaitForSingleObject
GlobalLock
GlobalSize
GetCurrentProcess
HeapAlloc
lstrcmpA
GetFileSize
TlsAlloc
CreateFileA
user32
MessageBoxW
GetSystemMetrics
OpenClipboard
PostMessageA
CreatePopupMenu
SetMenu
ShowWindow
GetCursorPos
UpdateWindow
DefWindowProcA
EnableWindow
SetClipboardData
EndDialog
DestroyMenu
LoadCursorA
GetDlgItemTextA
GetDlgItem
EmptyClipboard
ReleaseDC
CreateWindowExA
DrawFrameControl
SetDlgItemTextA
GetDialogBaseUnits
GetClipboardData
GetWindowLongA
InvalidateRect
SetWindowLongA
SetRect
GetKeyboardLayout
GetDC
PtInRect
BeginPaint
SendMessageA
GetWindowTextLengthA
CreateMenu
GetWindow
SetWindowPos
EndPaint
CloseClipboard
GetSystemMenu
GetWindowRect
InsertMenuItemA
RegisterClassExA
PostQuitMessage
SendDlgItemMessageA
TrackPopupMenu
SetCapture
DrawTextW
DeleteMenu
LoadBitmapA
LoadMenuA
LoadIconA
GetWindowInfo
wsprintfA
FindWindowExA
GetClientRect
gdi32
DeleteObject
GetStockObject
TextOutW
MoveToEx
LineTo
CreatePolyPolygonRgn
SetTextColor
DeleteDC
CreateFontIndirectA
GetCurrentObject
CreateHalftonePalette
CreateBitmap
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
Rectangle
RealizePalette
CreateFontW
SelectPalette
CreatePen
GetObjectA
advapi32
AdjustTokenPrivileges
OpenProcessToken
CryptExportKey
CryptReleaseContext
LookupPrivilegeValueA
CryptAcquireContextA
AllocateAndInitializeSid
CryptGetUserKey
CryptGenKey
shell32
SHBrowseForFolderA
ole32
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleGetClipboard
OleCreate
CoInitialize
OleUninitialize
OleInitialize
OleSetContainedObject
StringFromGUID2
CoUninitialize
CoCreateInstance
OleCreateStaticFromData
oleaut32
VariantInit
SysFreeString
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
ws2_32
WSAStartup
WSAIoctl
gethostbyname
htons
netapi32
NetWkstaUserEnum
NetWkstaGetInfo
NetWkstaSetInfo
NetApiBufferFree
userenv
GetAllUsersProfileDirectoryA
msacm32
acmFormatEnumA
acmMetrics
winmm
waveOutClose
waveOutPrepareHeader
waveOutMessage
waveOutWrite
waveOutOpen
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
crypt32
CryptDecodeObject
comctl32
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_DragEnter
ord17
ImageList_Draw
pdh
PdhSetCounterScaleFactor
PdhReadRawLogRecord
PdhSelectDataSourceA
rpcrt4
UuidCreate
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
wtsapi32
WTSQueryUserToken
msi
ord101
Sections
.text Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
afd3b729cf99fb9ea441f42862a4835d1d6eeb36ee535f9b206e3a00382c972e.exe.exe windows:4 windows x86 arch:x86
9a3d6959e6823cfab73700f601ca3412
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mmioWrite
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutWrite
waveInUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
mmioDescend
mmioClose
mmioRead
waveInStop
waveInReset
waveInClose
waveOutUnprepareHeader
waveInOpen
mmioAscend
mfc42
ord4998
ord2379
ord2302
ord567
ord1168
ord1146
ord3574
ord823
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord817
ord348
ord565
ord825
ord2726
ord4226
ord537
ord800
ord1105
ord518
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord2514
ord2621
ord1134
ord641
ord609
ord2256
ord5265
ord4376
ord4853
ord1576
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
msvcrt
_except_handler3
_controlfp
_onexit
__dllonexit
_setmbcp
__set_app_type
__CxxFrameHandler
memset
strcpy
sprintf
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
kernel32
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetModuleFileNameA
ResetEvent
Sleep
GetCurrentThreadId
WaitForMultipleObjects
GetLastError
SetEvent
user32
LoadIconA
PostThreadMessageA
PostQuitMessage
EnableWindow
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
b56c4569d639e8ce104d9e52dffeba6d18813c058887a3404350904811f32d54_not_packed_maybe_useless.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\my projects\bbac\output\Release\bbac.pdb
Sections
.text Size: 37KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mackt Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
b7989d9eacb5a8b224fd183f6ba65e4e6bd30a4f0e4e1a299f0d2b63dcb56730_Archive_useless.exe.zip
-
0.8476237917779167.exe.exe windows:4 windows x86 arch:x86
fcae38cb0b0381e590e953306c0423a0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
GetPriorityClass
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
zsgblrbrumorwxfizuke.exe.exe windows:4 windows x86 arch:x86
fcae38cb0b0381e590e953306c0423a0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
GetPriorityClass
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.exe.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 972KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 403KB - Virtual size: 404KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 114KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 1014KB - Virtual size: 1014KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 21KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1024B - Virtual size: 934B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 60B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
text Size: - Virtual size: 76KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data Size: 22KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
bb0e8d9ba927076fbe076960ee7c3b31afa9086583b7358c748d78a55b044a38.exe.zip
-
Saldo.Pdf______________________________________________________________.exe.exe windows:5 windows x86 arch:x86
380e5390f65e340268c2e7706d44415e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
GetTickCount
GetModuleFileNameW
IsDebuggerPresent
GetCPInfo
VirtualQuery
CreateFileA
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteConsoleA
RaiseException
user32
GetWindowRect
IsZoomed
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
GetCursor
advapi32
GetUserNameA
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bb89efd602f3ddae8dc8c804053c5800c6628dbc7073c46bb3d268261130ba59.exe.zip
-
Transazione.Pdf______________________________________________________________.exe.exe windows:5 windows x86 arch:x86
380e5390f65e340268c2e7706d44415e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
GetTickCount
GetModuleFileNameW
IsDebuggerPresent
GetCPInfo
VirtualQuery
CreateFileA
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteConsoleA
RaiseException
user32
GetWindowRect
IsZoomed
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
GetCursor
advapi32
GetUserNameA
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 363KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe.exe windows:6 windows x86 arch:x86
7c6791cb1b3ac992063bd8ecc38e1226
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb
Imports
kernel32
SetFileAttributesA
GetLogicalDriveStringsA
GetProcAddress
GetFileSize
ExitProcess
WinExec
lstrcmpiA
CreateProcessA
GetTempFileNameA
GetComputerNameA
GetLastError
CloseHandle
LocalFree
GetTickCount
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushFileBuffers
GetACP
MultiByteToWideChar
SetEndOfFile
HeapSize
WriteConsoleW
DeleteFileA
LoadLibraryA
CreateFileA
GetFileAttributesA
OpenMutexA
CopyFileA
CompareStringA
Sleep
GetTempPathA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateMutexA
FindClose
SetFilePointer
ExpandEnvironmentStringsA
FindNextFileA
GetDriveTypeA
ExpandEnvironmentStringsW
WriteFile
GetCurrentProcess
ReadFile
FindFirstFileA
GetModuleFileNameA
FindFirstFileExA
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetProcessHeap
CreateFileW
SetStdHandle
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
SetConsoleCtrlHandler
GetConsoleCP
user32
MessageBoxA
GetUserObjectInformationW
SystemParametersInfoA
GetProcessWindowStation
advapi32
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegOpenKeyA
RegGetValueA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
SystemFunction036
shell32
SHGetFolderPathA
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
shlwapi
PathFindExtensionA
PathFileExistsA
urlmon
URLDownloadToFileA
wininet
DeleteUrlCacheEntry
Sections
.text Size: 512KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bd2d4d43009623941f49554f5932188154fc9d16d820e00db1281d057468b017.exe.vbs
-
be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_Dumped_TDS=4F8C315F.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
be03e43db0b190b879c893102a76183231ea39ec51206d25651a3cacffa8d81d_TDS=4F90A68A.exe.exe windows:5 windows x86 arch:x86
4ea786321f19dc7a418dcab762bce2f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetStdHandle
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
_onexit
_acmdln
__getmainargs
_initterm
__setusermatherr
exit
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
be514549a2e654706aeeaa15c8cffce504f0e271c904fe07d865f3999ebaa61f.exe.exe windows:5 windows x86 arch:x86
522d0f97ab4a6d25aca0ac31ddb4ccd6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrStrW
kernel32
SetFilePointer
FreeResource
lstrlenA
GetDriveTypeW
FindResourceW
LoadResource
CreateProcessW
GetLogicalDriveStringsW
GetModuleHandleW
VirtualFree
SetFileTime
WriteFile
OpenProcess
Sleep
CopyFileW
SizeofResource
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
FindFirstFileW
lstrcmpW
MultiByteToWideChar
lstrlenW
GetProcAddress
VirtualAlloc
MoveFileW
FindClose
Process32FirstW
GetFileType
LockResource
Process32NextW
lstrcmpiW
FindNextFileW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
DeleteFileW
SetFileAttributesW
GetVolumeInformationW
CreateThread
ExpandEnvironmentStringsW
GetFileSize
GetCommandLineW
ExitProcess
GetSystemDefaultLangID
ExitThread
user32
GetWindowLongW
LoadIconW
RegisterClassExW
LoadAcceleratorsW
TranslateMessage
wsprintfW
LoadCursorW
ShowWindow
TranslateAcceleratorW
GetSystemMetrics
UpdateWindow
SetWindowTextW
DefWindowProcW
DispatchMessageW
GetMessageW
CreateWindowExW
advapi32
RegCreateKeyW
RegCloseKey
RegSetValueExW
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bfb8f7f6cbe24330a310e5c7cbe99ed4_api-ms-win-system-wer-l1-1-0.dll.dll windows:4 windows x86 arch:x86
68bc8900cc12958cd840ed89d028d812
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
cluster0.pdb
Imports
kernel32
GetDiskFreeSpaceW
CreateSemaphoreA
GetDriveTypeW
ReplaceFileW
EnumCalendarInfoW
VerLanguageNameW
CreateProcessA
FreeLibrary
GetFileType
GetModuleFileNameA
GetBinaryTypeW
GetVolumeInformationA
gdi32
GetTextCharset
Exports
Exports
CLSIDScalableBuffer
CanStrip
CommPFXExtensionCtl
DialogDecrementFill
EqualHungABCWidths
NotifyCSpnStream
OutputUninitializeControls
PauseShellChildAttribute
SelectUnmakeMode
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vqCp0w Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.eh_fram Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bldjad.ex1.exe.exe windows:4 windows x86 arch:x86
9afeb1a7e64e34e152035103d5794b26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersion
GetCurrentThread
VirtualAlloc
LocalFree
LoadLibraryA
LocalAlloc
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetVersionExA
GetLastError
GetThreadLocale
GetFileType
CloseHandle
user32
EndPaint
GetFocus
GetKeyState
DispatchMessageA
TranslateMessage
BeginPaint
GetMessageA
CharNextA
advapi32
RegOpenKeyA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bldjad.exe.exe windows:4 windows x86 arch:x86
9afeb1a7e64e34e152035103d5794b26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersion
GetCurrentThread
VirtualAlloc
LocalFree
LoadLibraryA
LocalAlloc
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetVersionExA
GetLastError
GetThreadLocale
GetFileType
CloseHandle
user32
EndPaint
GetFocus
GetKeyState
DispatchMessageA
TranslateMessage
BeginPaint
GetMessageA
CharNextA
advapi32
RegOpenKeyA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bldjad2.exe.exe windows:4 windows x86 arch:x86
09d0478591d4f788cb3e5ea416c25237
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Sections
.text Size: 171KB - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
c145a26dd6d200080c16300456e7c0bc95f2b71f56d94136619e239e466a04a0.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\virus\OneDrive\dokumente\visual studio 2015\Projects\Petya+\Petya+\obj\Debug\Petya+.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
c325092750dd55898c47be7ec8a7622c3bf8d1a79c40b160ef7901c2ef18f5db.exe.apk android
com.lemmslen.ntdyiea
com.lemmslen.ntdyiea.irsorg
Activities
com.lemmslen.ntdyiea.irsorg
android.intent.action.MAIN
com.lemmslen.ntdyiea.obseribe
android.intent.action.VIEW
Permissions
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WRITE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.DISABLE_KEYGUARD
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.sec.android.app.sbrowser.operatorbookmarks.permission.READ_HISTORY_BOOKMARKS
android.permission.RESTART_PACKAGES
android.permission.CAMERA
Receivers
com.eevraci.eidtssna.erenmvsu
android.net.conn.CONNECTIVITY_CHANGE
android.system.cache
com.eevraci.eidtssna.encsuler
android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.ctiaoui.biellano.olttie
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLED
Services
com.lemmslen.ntdyiea.snvdpb
android.system.operate
com.ctiaoui.biellano.erreedi
android.system.registat
-
c36c46f4de045ef332decc006694db6e.exe.exe windows:4 windows x86 arch:x86
7756f274b323bce82e17a0d440c839b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
GetModuleHandleA
_lclose
_lread
_lopen
GlobalAlloc
GetSystemTime
GetModuleFileNameA
Sleep
CreateThread
GetProcAddress
LoadLibraryA
Sections
.text Size: 4KB - Virtual size: 637B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
c3dd2e3cf0ebeec7a6c280e187a044a32b54b369a78aaaa89c600a0767b49704.exe.exe windows:4 windows x86 arch:x86
41bf9e02ed4c4c0b039d7e7568f47ebf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
lstrlenA
GetStdHandle
LocalAlloc
CreateMutexA
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
shlwapi
PathAddExtensionA
setupapi
SetupDefaultQueueCallbackA
msvcrt
__setusermatherr
_controlfp
_onexit
memmove
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
c71c26bf894feb5dbedb2cf2477258f3edf3133a3c22c68ab378ba65ecf251d3_.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
c8462829871b7bdb005f4dd881d253aa255a1b2f6f3d89edb1d609b51f5d04fd.exe.exe windows:5 windows x86 arch:x86
e0577a224cd97b15da521a3e570183e9
Code Sign
2c:a0:28:d1:a4:de:0e:b7:43:13:5e:de:cf:74:d7:afCertificate
IssuerCN=Adobe SystemsNot Before24-11-2014 23:54Not After31-12-2039 23:59SubjectCN=Adobe SystemsExtended Key Usages
ExtKeyUsageCodeSigning
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
78:ba:bb:85:f1:26:fb:8a:e1:fe:8e:0d:ff:ad:ba:18:c7:05:3c:2fSigner
Actual PE Digest78:ba:bb:85:f1:26:fb:8a:e1:fe:8e:0d:ff:ad:ba:18:c7:05:3c:2fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
LoadResource
Sleep
GetProcAddress
LockResource
GetModuleHandleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetLastError
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
LoadLibraryW
GetLocaleInfoW
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
GetProcessHeap
Sections
.text Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ