C:\220\AESxWin-master\AESxWin-master\AESxWin\obj\Debug\AESxWin.pdb
Overview
overview
10
Static
static
6
516874.exe
windows7-x64
7
5479329c03...a2.exe
windows7-x64
10
54ab323053...1f.exe
windows7-x64
9
5600.exe
windows7-x64
6
56a9736b82...7a.exe
windows7-x64
10
59ddf36a9e...ws.dll
windows7-x64
10
5C53687F73...ViR.js
windows7-x64
3
5bfae47c9f..._2.dll
windows7-x64
1
5c6416f819...be.exe
windows7-x64
1
5f1fcdfb95...1c.exe
windows7-x64
10
5fc9230812...e9.exe
windows7-x64
9
61318fa1f1...5F.exe
windows7-x64
7
61318fa1f1...5B.exe
windows7-x64
7
6184f1def4...ss.exe
windows7-x64
7
61bc10e8ed...3e.exe
windows7-x64
7
6217ea6bb8...f5.apk
windows7-x64
3
62ebcfeeff...C3.exe
windows7-x64
7
62ebcfeeff...BB.exe
windows7-x64
7
647f242.exe.vir.exe
windows7-x64
9
64bfea1efc...99.exe
windows7-x64
9
64f540a7c6...B3.exe
windows7-x64
7
64f540a7c6...77.exe
windows7-x64
7
6916a006c4...9a.exe
windows7-x64
7
69ee634973...df.exe
windows7-x64
6f772eb660...bc.exe
windows7-x64
7
7077437251...e9.exe
windows7-x64
1
7175d6bb11...2b.exe
windows7-x64
9
728733095f...on.dll
windows7-x64
8
73c3d88d0d...5F.exe
windows7-x64
7
73c3d88d0d...BF.exe
windows7-x64
7
74add6536c...ef.exe
windows7-x64
10
757a661bcc...d8.exe
windows7-x64
7
Behavioral task
behavioral1
Sample
516874.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
54ab323053f1138e5ccaa8f8afaa38cabca9491f.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
5600.exe
Resource
win7-20241010-en
Behavioral task
behavioral5
Sample
56a9736b82bc9f65ddad590d1edfd9df26b5d97ecfeb48787f6ccc00ce26597a.exe
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa_PonyNews.dll
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
5C53687F7327933R.js.ViR.js
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd_Stealer_2.dll
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
5c6416f819bfbca2f1862691a03f68be.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_Dumped_TDS=4F8C315F.exe
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_TDS=4F91F15B.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
6184f1def457c10b2ae10a33b8639c89cb0115061c3d424d330342b44d4179aa_not_packed_maybe_useless.exe
Resource
win7-20241010-en
Behavioral task
behavioral15
Sample
61bc10e8ede3997da73b3de9fa57b059e352b592404fb9c171469c4026fdc03e.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
6217ea6bb87295983c4915a4d97c7e4142effef95d1e815693a72ea3a73b45f5.apk
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_Dumped_TDS=4F854EC3.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_TDS=4F8644BB.exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
647f242.exe.vir.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
64bfea1efccb47a049ba2cb592878e5c415cc70f9488dd97291c1356e3d79299.exe
Resource
win7-20240708-en
Behavioral task
behavioral21
Sample
64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_Dumped_TDS=4F9911B3.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_TDS=4F9DB277.exe
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
6916a006c429a3b3a76dfa8c162ddab178b5a20763493506deeb9447875d039a.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral25
Sample
6f772eb660bc05fc26df86c98ca49abc.exe
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
70774372517532ae1dcb97a7133983811d5cc7d2975cd58a1f132f2ef100c5e9.exe
Resource
win7-20240729-en
Behavioral task
behavioral27
Sample
7175d6bb11dea0932bd4b611d0f7221b62a71dbc54607e97ad397f104bcffa2b.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
728733095fe2c66f91a19ebde412dd25_70186ceb735016eadd98466e62c03635_TheLastReveton.dll
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_Dumped_TDS=4F8C315F.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_TDS=4F8DFBBF.exe
Resource
win7-20240729-en
Behavioral task
behavioral31
Sample
74add6536cdcfb8b77d10a1e7be6b9ef.exe
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
757a661bcc68616f99366b10abac92d8.exe
Resource
win7-20240903-en
General
-
Target
Batch_3.zip
-
Size
8.3MB
-
MD5
41c0c04ff68dd76a7c376f209e4b1413
-
SHA1
c462551de41e5277ec3ad8f911c37f92312999f8
-
SHA256
7e7c00740baa58af22ef6f825d86344732464a4e325b5eb6f93f33898de079fa
-
SHA512
d30f8278362b5c4ecc010c50050d4e33d16a5abb62f98cae7edd6223e10a8b285185a177c60e8035d0d95321a59caa669cc62f7bdb97fb93d50c6e8a176a045f
-
SSDEEP
196608:YWTkVZgeNSKZWAyuUlOkZPk21Dwi8M/6p/JsMjKl8JVCXHXjPxZlLMTcOBZe:bofgegKZ1mlVxbJwbiaKKVC3X9l
Malware Config
Signatures
-
Declares broadcast receivers with permission to handle system events 1 IoCs
description | ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN
-
Requests dangerous framework permissions 9 IoCs
description | ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW
Required to be able to access the camera device. | android.permission.CAMERA
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS
-
resource | yara_rule
static1/unpack001/54ab323053f1138e5ccaa8f8afaa38cabca9491f.exe | upx
static1/unpack001/70774372517532ae1dcb97a7133983811d5cc7d2975cd58a1f132f2ef100c5e9.exe | upx
-
Unsigned PE 30 IoCs
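Checks for missing Authenticode signature. An unsigned PE is only a weak indicator on its own, because many legitimate programs also ship unsigned.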
resource
unpack001/516874.exe
unpack001/5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe
unpack001/54ab323053f1138e5ccaa8f8afaa38cabca9491f.exe
unpack002/out.upx
unpack001/5600.exe
unpack001/56a9736b82bc9f65ddad590d1edfd9df26b5d97ecfeb48787f6ccc00ce26597a.exe
unpack001/59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa_PonyNews.exe
unpack001/5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd_Stealer_2.dll
unpack001/5c6416f819bfbca2f1862691a03f68be.exe
unpack001/5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe
unpack001/5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9.exe
unpack001/61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_Dumped_TDS=4F8C315F.exe
unpack001/61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_TDS=4F91F15B.exe
unpack001/6184f1def457c10b2ae10a33b8639c89cb0115061c3d424d330342b44d4179aa_not_packed_maybe_useless.exe
unpack001/61bc10e8ede3997da73b3de9fa57b059e352b592404fb9c171469c4026fdc03e.exe
unpack001/62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_Dumped_TDS=4F854EC3.exe
unpack001/62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_TDS=4F8644BB.exe
unpack001/647f242.exe.vir.exe
unpack001/64bfea1efccb47a049ba2cb592878e5c415cc70f9488dd97291c1356e3d79299.exe
unpack001/64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_Dumped_TDS=4F9911B3.exe
unpack001/64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_TDS=4F9DB277.exe
unpack001/6916a006c429a3b3a76dfa8c162ddab178b5a20763493506deeb9447875d039a.exe
unpack001/6f772eb660bc05fc26df86c98ca49abc.exe
unpack001/70774372517532ae1dcb97a7133983811d5cc7d2975cd58a1f132f2ef100c5e9.exe
unpack001/7175d6bb11dea0932bd4b611d0f7221b62a71dbc54607e97ad397f104bcffa2b.exe
unpack001/728733095fe2c66f91a19ebde412dd25_70186ceb735016eadd98466e62c03635_TheLastReveton.exe
unpack001/73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_Dumped_TDS=4F8C315F.exe
unpack001/73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_TDS=4F8DFBBF.exe
unpack001/74add6536cdcfb8b77d10a1e7be6b9ef.exe
unpack001/757a661bcc68616f99366b10abac92d8.exe
Files
-
Batch_3.zip | .zip
-
516874.exe | .exe windows:4 windows x86 arch:x86
47b0da2d13e0214f54c3bd05550e8319
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
memcpy
sprintf
fabs
ceil
malloc
floor
free
fclose
strcpy
tolower
kernel32
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
RemoveDirectoryA
GetExitCodeProcess
GetTempFileNameA
GetCommandLineA
GetNativeSystemInfo
FindResourceA
LoadResource
SizeofResource
GetShortPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
CreateFileA
ReadFile
WriteFile
SetFilePointer
DeleteFileA
GetFileSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
SetLastError
HeapSize
TlsAlloc
CreateDirectoryA
GetTempPathA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
user32
CharUpperA
CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA
gdi32
GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel
comctl32
InitCommonControlsEx
ole32
CoInitialize
CoTaskMemFree
RevokeDragDrop
shell32
ShellExecuteExA
winmm
timeBeginPeriod
shlwapi
PathQuoteSpacesA
PathAddBackslashA
PathRemoveArgsA
PathGetArgsA
PathRenameExtensionA
PathUnquoteSpacesA
Sections
.code Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
5479329c03e12e27adc81caeefe1a1dc26bf59d4dac36dd2eae008213e8fe0a2.exe | .exe windows:4 windows x86 arch:x86
9a3d6959e6823cfab73700f601ca3412
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mmioWrite
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutWrite
waveInUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
mmioDescend
mmioClose
mmioRead
waveInStop
waveInReset
waveInClose
waveOutUnprepareHeader
waveInOpen
mmioAscend
mfc42
ord4998
ord2379
ord2302
ord567
ord1168
ord1146
ord3574
ord823
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord817
ord348
ord565
ord825
ord2726
ord4226
ord537
ord800
ord1105
ord518
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord2514
ord2621
ord1134
ord641
ord609
ord2256
ord5265
ord4376
ord4853
ord1576
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
msvcrt
_except_handler3
_controlfp
_onexit
__dllonexit
_setmbcp
__set_app_type
__CxxFrameHandler
memset
strcpy
sprintf
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
kernel32
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetModuleFileNameA
ResetEvent
Sleep
GetCurrentThreadId
WaitForMultipleObjects
GetLastError
SetEvent
user32
LoadIconA
PostThreadMessageA
PostQuitMessage
EnableWindow
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
54ab323053f1138e5ccaa8f8afaa38cabca9491f.exe | .exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx | .exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
5600.exe | .exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 311KB - Virtual size: 310KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
56a9736b82bc9f65ddad590d1edfd9df26b5d97ecfeb48787f6ccc00ce26597a.exe | .exe windows:5 windows x86 arch:x86
eadbe699c9f56194b9bbdf2dd7631233
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\src\ZoomIt\Release\ZoomIt.pdb
Imports
comctl32
ord17
winmm
PlaySoundA
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
msimg32
AlphaBlend
kernel32
GetTickCount
FormatMessageA
lstrcpynA
CreateEventA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetStringTypeW
FatalAppExitA
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
MulDiv
GetFileType
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
Beep
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadPriority
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
GetVersion
LockResource
GetCommandLineW
GetModuleHandleA
LoadLibraryA
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
DeleteCriticalSection
user32
FindWindowW
FindWindowA
GetParent
GetDesktopWindow
GetWindowLongA
SetRect
FillRect
GetSysColor
ChildWindowFromPoint
MapWindowPoints
GetClipCursor
ClipCursor
GetCursorPos
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
ChangeDisplaySettingsExA
SystemParametersInfoA
EnumDisplaySettingsA
SetCursorPos
DrawTextA
TrackPopupMenu
InsertMenuA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
LoadAcceleratorsA
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
SetWindowLongA
gdi32
DeleteDC
DeleteObject
Ellipse
GetStockObject
LineTo
Rectangle
SelectObject
CreateSolidBrush
StretchBlt
SetROP2
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Polygon
CreatePen
CreateFontIndirectA
GetDeviceCaps
StartDocA
SetMapMode
EndDoc
StartPage
EndPage
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
CreateDCA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA
advapi32
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteA
Shell_NotifyIconA
ole32
CoInitialize
Sections
.text Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa_PonyNews.exe | .dll windows:4 windows x86 arch:x86
89f11956d650797880cd2c65a388f5a7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
TlsSetValue
CreateMailslotA
SetLocalPrimaryComputerNameW
FindNextFileW
GetLogicalDrives
IsValidLanguageGroup
ReadFileEx
GetSystemWindowsDirectoryW
GetConsoleWindow
GetACP
DosDateTimeToFileTime
ReadConsoleInputA
FindResourceExA
GetSystemPowerStatus
GetCurrencyFormatA
GetSystemTimeAsFileTime
lstrcpynW
GlobalMemoryStatusEx
GetConsoleCommandHistoryLengthW
user32
GetClipboardSequenceNumber
GetClipboardViewer
d3d8
Direct3DCreate8
Exports
Exports
ActionACME
Sections
.text Size: 249KB - Virtual size: 248KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
5C53687F7327933R.js.ViR.js | .js
-
5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd_Stealer_2.dll | .dll windows:4 windows x64 arch:x64
cc22e5f3a2f7752bb1f0eeb17f2a96f1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryExW
ExpandEnvironmentStringsW
FindFirstFileW
FindClose
FindNextFileW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetThreadContext
SetThreadContext
Thread32First
Thread32Next
OpenThread
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
VirtualQuery
DeleteCriticalSection
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
RtlVirtualUnwind
GetTimeZoneInformation
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32Next
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GlobalLock
Process32First
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
LocalFree
CreateThread
CloseHandle
GetLastError
TerminateThread
VirtualFree
WaitForSingleObject
user32
IsWindow
OpenClipboard
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId
ToUnicodeEx
OemToCharA
GetMessageA
SetTimer
PostThreadMessageA
EnumChildWindows
SetWindowsHookExA
CloseClipboard
GetKeyState
CallNextHookEx
DispatchMessageA
GetForegroundWindow
GetClassNameW
GetWindowTextW
GetClipboardData
GetKeyboardLayout
GetGUIThreadInfo
TranslateMessage
KillTimer
advapi32
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptAcquireContextA
RegOpenKeyExA
CryptCreateHash
RegEnumValueA
RegEnumValueW
CryptDestroyHash
RegCloseKey
CryptHashData
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumKeyExW
CryptDeriveKey
CryptSetKeyParam
shell32
SHGetFolderPathW
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
VariantInit
VariantClear
wininet
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
crypt32
CryptUnprotectData
oleacc
AccessibleObjectFromWindow
Sections
.text Size: 770KB - Virtual size: 769KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
5c6416f819bfbca2f1862691a03f68be.exe | .exe .ps1 windows:16089 windows x86 arch:x86 polyglot
0a93557af273d834d10d3cfe6a2203be
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
AddAccessAllowedAce
kernel32
VirtualFree
GetModuleHandleA
GetCurrentThreadId
VirtualAlloc
ExitProcess
GetModuleFileNameA
GetCurrentProcess
LocalFree
GetLastError
GetProcessHeap
LoadLibraryA
GetModuleHandleA
gdi32
SetBkMode
DeleteObject
SetBkColor
BitBlt
CreateSolidBrush
ExtTextOutW
DeleteDC
user32
LoadStringW
DestroyWindow
DestroyWindow
ShowWindow
CreateWindowExW
ShowWindow
SendMessageW
GetDC
PostMessageW
LoadStringW
GetMessageW
DefWindowProcW
GetSystemMetrics
LoadIconW
ReleaseDC
GetDC
shell32
DragAcceptFiles
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 388KB - Virtual size: 676KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
5f1fcdfb951dc4642ce136a5d3e6bc42021f8e0cd631975a5eb3842da020531c.exe | .exe windows:4 windows x86 arch:x86
c02ee2da36fedd83f5dd868cf320e1b5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PostMessageW
SetWindowTextA
ValidateRgn
xolehlp
DtcGetTransactionManagerExW
GetDtcLocaleResourceHandle
DtcGetTransactionManagerExA
shlwapi
SHDeleteEmptyKeyW
msvcrt
memchr
__badioinfo
clock
_ismbblead
_wfindnext
isxdigit
_mbbtype
_ismbbkalnum
_HUGE
_adj_fdiv_m32
_mbbtombc
_wstat64
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
qsort
_strerror
advapi32
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclA
perfos
OpenOSObject
CloseOSObject
shdocvw
SetQueryNetSessionCount
gdi32
SetArcDirection
SetPaletteEntries
SetPixel
Rectangle
EnumObjects
CloseFigure
SetDCPenColor
shell32
SHGetPathFromIDListW
activeds
PropVariantToAdsType2
ADsBuildVarArrayInt
AdsTypeToPropVariant2
ADsBuildVarArrayStr
ADsBuildEnumerator
ADsEnumerateNext
ConvertSecurityDescriptorToSecDes
ADsGetObject
PropVariantToAdsType
ADsFreeEnumerator
AdsFreeAdsValues
ConvertSecDescriptorToVariant
ADsOpenObject
odbc32
SQLSetParam
SQLBindParameter
SQLColumnsA
SQLSetDescFieldW
SQLGetDescRecW
SQLSetStmtAttrW
SQLSetDescFieldA
SearchStatusCode
SQLColAttributesA
SQLColAttributesW
SQLDisconnect
SQLDataSourcesA
SQLPutData
VFreeErrors
SQLDescribeColW
SQLTablesA
SQLSetCursorNameA
SQLAllocHandleStd
SQLBrowseConnectW
CloseODBCPerfData
SQLSetDescRec
GetODBCSharedData
SQLGetStmtOption
OpenODBCPerfData
SQLSetPos
SQLGetDiagFieldA
SQLMoreResults
SQLSetConnectOptionA
SQLPrimaryKeysW
SQLFreeHandle
SQLGetFunctions
SQLProcedureColumnsA
SQLPrepareW
SQLDataSourcesW
CursorLibLockDbc
SQLFreeEnv
SQLGetData
SQLNativeSqlA
SQLGetConnectAttrW
PostODBCError
SQLSpecialColumnsW
SQLRowCount
SQLSpecialColumnsA
SQLParamOptions
CollectODBCPerfData
SQLSetConnectAttrA
SQLDriverConnectW
SQLColumnPrivilegesW
SQLBrowseConnectA
SQLNumResultCols
SQLGetDescFieldA
SQLColAttributeW
SQLAllocHandle
ODBCSetTryWaitValue
SQLGetTypeInfoW
SQLTablePrivilegesW
ODBCInternalConnectW
SQLSetEnvAttr
SQLFetchScroll
SQLPrepareA
SQLAllocEnv
SQLGetConnectOptionA
SQLTablePrivilegesA
g_hHeapMalloc
ODBCGetTryWaitValue
ValidateErrorQueue
SQLSetScrollOptions
SQLCopyDesc
CursorLibLockDesc
SQLGetCursorNameA
SQLGetInfoW
SQLGetConnectOptionW
SQLCloseCursor
CursorLibTransact
SQLGetStmtAttrA
SQLGetDescRecA
SQLConnectA
SQLErrorA
SQLEndTran
SQLNumParams
SQLForeignKeysW
SQLTransact
SQLDescribeParam
SQLGetInfoA
SQLBindParam
SQLFreeStmt
SQLCancel
SQLSetConnectAttrW
SQLFreeConnect
SQLGetDiagRecA
SQLPrimaryKeysA
SQLParamData
SQLExecute
SQLProceduresW
LockHandle
SQLExecDirectA
SQLGetCursorNameW
SQLTablesW
PostComponentError
SQLDriversW
SQLGetDiagFieldW
CursorLibLockStmt
ODBCQualifyFileDSNW
SQLFetch
SQLStatisticsW
SQLExecDirectW
SQLDescribeColA
PostODBCComponentError
SQLGetEnvAttr
SQLForeignKeysA
SQLColumnPrivilegesA
SQLAllocConnect
SQLDriverConnectA
DllBidEntryPoint
SQLNativeSqlW
SQLGetConnectAttrA
SQLBulkOperations
kernel32
GetModuleHandleA
GetModuleHandleA
CloseHandle
GetProcAddress
SetupComm
SetComputerNameExW
SetThreadLocale
LoadLibraryA
SetEnvironmentVariableW
VirtualAlloc
FindResourceExW
RaiseException
SetCommTimeouts
SetConsoleCursorPosition
SetCurrentDirectoryW
lstrcmpA
EnumUILanguagesW
GetStartupInfoA
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
5fc92308120aa10dc1062c4c319559ed0b1308befe117d5cafa283e245bea1e9.exe.exe windows:5 windows x86 arch:x86
1c905d3d4c93b0360c86a969e3123c38
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
NtQueryInformationFile
NtClose
NtReadFile
NtWriteFile
shlwapi
PathCombineW
kernel32
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
SetLastError
TlsFree
DecodePointer
GetCurrentProcess
GetTickCount
GetCurrentThread
GetProcessHeap
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
GetThreadTimes
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
HeapDestroy
HeapCreate
HeapSize
MultiByteToWideChar
SetUnhandledExceptionFilter
CreateDirectoryW
GetFileAttributesW
CreateFileW
GetLastError
SetFileAttributesW
GetModuleHandleW
GetProcAddress
LocalFree
GetFileType
GetSystemTimeAsFileTime
GetVersionExW
GetThreadContext
SetThreadContext
CreateProcessW
VirtualFreeEx
TerminateProcess
GetModuleFileNameW
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
CreateThread
CreateMutexW
IsProcessorFeaturePresent
InitializeCriticalSection
Sleep
LeaveCriticalSection
OpenMutexW
EnterCriticalSection
CreateEventW
DeleteCriticalSection
WTSGetActiveConsoleSessionId
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
LCMapStringW
GetStringTypeW
LoadLibraryW
GetNativeSystemInfo
WaitForSingleObject
HeapSetInformation
GetCommandLineA
user32
GetFocus
GetCapture
GetKBCodePage
GetForegroundWindow
GetDesktopWindow
GetActiveWindow
GetShellWindow
GetOpenClipboardWindow
GetClipboardOwner
advapi32
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
shell32
SHGetFolderPathW
ShellExecuteExW
ord680
ole32
CoInitializeEx
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_Dumped_TDS=4F8C315F.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
61318fa1f1db342045573d584badc254c9e2578db916594dc749d8cc44ce8ac4_TDS=4F91F15B.exe.exe windows:4 windows x86 arch:x86
68996d733e6cdc66082ec159f382bc23
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
GetEnvironmentStringsW
GetCommandLineW
GetCurrentProcessId
GetPriorityClass
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_onexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
6184f1def457c10b2ae10a33b8639c89cb0115061c3d424d330342b44d4179aa_not_packed_maybe_useless.exe.exe windows:5 windows x86 arch:x86
d5d6342866713cb2d8a3b0ee026ddd26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\my projects\dilly\output\Release\locker.pdb
Imports
wininet
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
shlwapi
PathCombineW
kernel32
lstrcatA
GetLastError
GetModuleHandleA
CloseHandle
GetVersion
lstrcpyA
WaitForSingleObject
Sleep
GetCurrentProcessId
GetTickCount
ExitProcess
GetFileSize
lstrlenA
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrlenW
FlushFileBuffers
GetProcAddress
DeleteFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
HeapSize
GetVersionExA
CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
CreateThread
OpenEventA
CreateMutexA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
GetCurrentDirectoryA
SetEvent
WTSGetActiveConsoleSessionId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetStdHandle
DecodePointer
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
CopyFileW
GetUserGeoID
CreateDirectoryW
GetComputerNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
EnterCriticalSection
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetStringTypeW
GetSystemTimeAsFileTime
user32
PostMessageA
GetClientRect
SetWindowLongA
GetWindowLongA
RegisterClassExA
PostQuitMessage
TranslateMessage
UnregisterClassA
CreateWindowExA
DefWindowProcA
DispatchMessageA
MessageBoxW
GetSystemMetrics
UpdateWindow
EnumWindows
ShowWindow
IsWindowVisible
EnableWindow
ExitWindowsEx
GetMessageA
GetWindowThreadProcessId
advapi32
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegOpenKeyA
RegCreateKeyExA
SetSecurityDescriptorSacl
shell32
ord680
SHGetFolderPathW
ole32
OleUninitialize
OleSetContainedObject
CoGetClassObject
OleInitialize
oleaut32
SysAllocString
VariantClear
VariantInit
Exports
Exports
_dll_entry@16
Sections
.text Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
61bc10e8ede3997da73b3de9fa57b059e352b592404fb9c171469c4026fdc03e.exe.exe windows:4 windows x86 arch:x86
fc04df4eefe1376d15e9da5c7e4add82
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\myapp\myapp.pdb
Imports
kernel32
VirtualAlloc
LoadLibraryA
VirtualProtect
GetProcAddress
GetModuleHandleA
WaitForSingleObject
GetProcessHeap
ResetEvent
VirtualQuery
VirtualFree
FlushFileBuffers
SetStdHandle
SetFilePointer
GetLocaleInfoA
LCMapStringW
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
Sleep
IsBadCodePtr
CreateEventA
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapAlloc
HeapReAlloc
MultiByteToWideChar
GetSystemInfo
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
GetStringTypeA
GetStringTypeW
ReadFile
QueryPerformanceCounter
GetTickCount
CloseHandle
user32
EndPaint
IsZoomed
GetLastActivePopup
LoadAcceleratorsA
CreateWindowExA
IsIconic
gdi32
SelectObject
PatBlt
winscard
SCardEstablishContext
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
6217ea6bb87295983c4915a4d97c7e4142effef95d1e815693a72ea3a73b45f5.exe.apk android
dwag.jvykqfj.brgnx
Rwoebiti
Activities
Rwoebiti
android.intent.action.MAIN
Permissions
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.GET_TASKS
android.permission.WRITE_SETTINGS
android.permission.VIBRATE
android.permission.READ_CONTACTS
Receivers
dwag.jvykqfj.brgnx.Mlwtmixb
android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
dwag.jvykqfj.brgnx.Hmydf
android.app.action.ACTION_DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED
Services
-
62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_Dumped_TDS=4F854EC3.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
62ebcfeeff976f3635e36544b9f6d6282a565ea6a0b4d8319d9831ce68ef26df_TDS=4F8644BB.exe.exe windows:4 windows x86 arch:x86
7f4967574388561c50da7cebe40fecc5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStdHandle
CreateEventA
CreateSemaphoreA
CreateMutexA
GetVersionExA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
shlwapi
UrlCombineA
setupapi
SetupGetFieldCount
msvcrt
__setusermatherr
_onexit
__dllonexit
memcpy
_controlfp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 954B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
647f242.exe.vir.exe.exe windows:5 windows x86 arch:x86
09c8b4257dfa7259fcc0851bc16dfa2d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SendMessageA
ScreenToClient
GetCursorPos
SetFocus
CheckRadioButton
IsWindowEnabled
GetClipboardData
IsZoomed
KillTimer
SetWindowLongA
SetWindowPos
GetWindowRect
SetClipboardData
GetAsyncKeyState
wvsprintfA
CloseClipboard
CallWindowProcA
MessageBeep
wsprintfA
MessageBoxA
CharUpperA
OpenClipboard
EnumClipboardFormats
DestroyMenu
GetMenuItemInfoW
LoadCursorFromFileW
DispatchMessageA
NotifyWinEvent
DdeUninitialize
EnumPropsExW
CreateCaret
UnionRect
InsertMenuA
ShowWindow
SetMenuItemInfoA
AppendMenuA
CreatePopupMenu
SetWindowTextA
DestroyIcon
LoadIconA
InvalidateRect
CharLowerA
LoadBitmapA
SetDlgItemTextA
GetDlgItemTextA
GetSysColorBrush
DestroyCursor
SetClassLongA
LoadCursorA
GetParent
EnableWindow
GetWindowTextA
EnableMenuItem
IsIconic
MoveWindow
GetWindowDC
TrackPopupMenu
CheckMenuRadioItem
SetTimer
GetActiveWindow
GetClassInfoA
DialogBoxParamA
FindWindowA
SetForegroundWindow
CheckDlgButton
GetDlgItem
EndDialog
IsDlgButtonChecked
SendDlgItemMessageA
EmptyClipboard
comdlg32
CommDlgExtendedError
ChooseFontA
ChooseColorA
shell32
ShellExecuteA
DragQueryFileW
ExtractIconExA
DragAcceptFiles
DuplicateIcon
ExtractIconExW
ExtractAssociatedIconW
ShellExecuteW
ole32
CoUninitialize
CoDisconnectObject
StringFromCLSID
CoTaskMemAlloc
OleSetMenuDescriptor
OleDraw
IsAccelerator
OleRegEnumVerbs
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromProgID
OleInitialize
CoLockObjectExternal
CoGetClassObject
OleSetContainedObject
ProgIDFromCLSID
CoCreateInstance
RevokeDragDrop
CoGetInterfaceAndReleaseStream
CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
CoInitialize
advapi32
RegQueryValueA
RegCreateKeyA
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
RegEnumKeyW
EnumDependentServicesW
shlwapi
PathRemoveFileSpecW
kernel32
HeapReAlloc
HeapAlloc
LCMapStringW
RtlUnwind
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
MultiByteToWideChar
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
HeapFree
DeleteCriticalSection
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
IsProcessorFeaturePresent
GetTimeZoneInformation
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
EnterCriticalSection
GetStartupInfoW
HeapSetInformation
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
MoveFileA
GetLastError
SetThreadAffinityMask
GetSystemPowerStatus
GenerateConsoleCtrlEvent
FillConsoleOutputAttribute
BuildCommDCBAndTimeoutsA
LoadLibraryW
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GlobalUnfix
lstrcpynA
lstrcatA
lstrlenA
CreateProcessA
WideCharToMultiByte
lstrlenW
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
TerminateProcess
VirtualProtectEx
WriteFile
FindClose
FindNextFileA
LoadLibraryA
SetFilePointer
SetThreadPriority
VirtualFree
IsBadReadPtr
lstrcmpiA
ExitProcess
SetFileAttributesA
OutputDebugStringA
lstrcpyA
GetFileAttributesA
ResumeThread
GetCurrentThread
DeleteFileA
GetTempPathA
SetPriorityClass
HeapSize
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
CreateFileW
LeaveCriticalSection
CreateFileA
VirtualQueryEx
lstrcmpA
CloseHandle
GetCommandLineA
VirtualAlloc
FindFirstFileA
GetPriorityClass
ReadFile
Sleep
GetCurrentProcessId
WriteProcessMemory
GetProcAddress
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetFileSize
SetCurrentDirectoryA
GetModuleFileNameA
VirtualLock
VirtualUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
SetEndOfFile
CreateFileMappingA
MapViewOfFile
CopyFileA
WaitForSingleObject
CreatePipe
GetStartupInfoA
MulDiv
UnmapViewOfFile
GetCurrentDirectoryA
WritePrivateProfileStructA
GetPrivateProfileStructA
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.code Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
64bfea1efccb47a049ba2cb592878e5c415cc70f9488dd97291c1356e3d79299.exe.exe windows:5 windows x86 arch:x86
14af9ce10d5934ed28f640cdf51b6948
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
lstrlenA
lstrcpynW
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpW
lstrcmpA
lstrcatW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WriteConsoleInputW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnregisterWait
UnmapViewOfFile
TlsSetValue
TlsGetValue
TerminateThread
TerminateProcess
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
BackupSeek
SizeofResource
SetupComm
SetThreadPriority
SetLocaleInfoW
SetEnvironmentVariableW
SetEndOfFile
SetCurrentDirectoryW
SetConsoleActiveScreenBuffer
SearchPathW
RtlUnwind
ReadFile
ReadConsoleOutputAttribute
RaiseException
OutputDebugStringW
OpenFileMappingW
OpenEventW
MoveFileWithProgressA
LocalSize
LocalAlloc
LoadLibraryW
LoadLibraryExW
LoadLibraryExA
IsValidCodePage
InitializeCriticalSectionAndSpinCount
Heap32ListNext
Heap32ListFirst
GlobalMemoryStatusEx
GetVersionExW
GetVersionExA
GetTempFileNameW
GetSystemTime
GetSystemDirectoryW
GetStringTypeW
GetStringTypeExW
GetStdHandle
GetProcessShutdownParameters
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNamedPipeInfo
GetModuleHandleW
GetModuleFileNameW
GetLastError
GetFileType
GetFileSize
GetExitCodeProcess
GetEnvironmentStrings
GetConsoleTitleA
GetConsoleScreenBufferInfo
GetConsoleAliasExesA
GetCompressedFileSizeA
GetCommandLineW
GetCommMask
GetCPInfo
GetACP
FindResourceW
FindResourceExW
FindNextFileW
FindFirstVolumeMountPointA
ExpandEnvironmentStringsW
ExitProcess
DeleteFileW
CreateSemaphoreW
CreateProcessW
CreateMutexW
CreateJobObjectA
CreateFileW
CreateFileMappingW
CreateEventW
CloseHandle
user32
EnumClipboardFormats
GetAsyncKeyState
GetMenuContextHelpId
GetQueueStatus
GetMenu
GetParent
GetListBoxInfo
GetMenuItemCount
GetKeyboardType
GetDlgCtrlID
GetKeyboardLayout
GetKeyState
GetTopWindow
GetWindowContextHelpId
GetThreadDesktop
GetWindowDC
GetClipboardData
GetLastActivePopup
GetSysColor
GetSystemMetrics
GetSysColorBrush
wvsprintfW
wsprintfW
WinHelpW
UnregisterClassW
SystemParametersInfoA
SetWindowWord
SetWindowTextW
SetWindowLongW
SetSystemCursor
SetDlgItemTextW
SetCursorPos
SendMessageW
RegisterWindowMessageW
RegisterClassExW
PostThreadMessageW
PostMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
MessageBoxExW
MapVirtualKeyExW
LoadStringW
LoadMenuW
LoadImageW
LoadImageA
LoadIconW
LoadCursorW
IsMenu
IsHungAppWindow
IsDialogMessageW
IsCharAlphaNumericW
InsertMenuW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
GetSubMenu
GetScrollRange
GetNextDlgTabItem
GetMessageW
GetMenuDefaultItem
GetKeyNameTextA
GetDlgItemTextW
GetDC
GetClassLongW
GetClassInfoExA
FindWindowExW
EqualRect
EndDialog
DrawTextA
DrawMenuBar
DrawFocusRect
DlgDirSelectExA
DlgDirListComboBoxW
DispatchMessageW
DialogBoxParamW
DefWindowProcW
DdeNameService
DdeInitializeW
CreateWindowExW
CreateDialogParamW
CreateDialogParamA
CreateAcceleratorTableW
CopyRect
ChildWindowFromPointEx
CharUpperW
CharPrevW
CharNextW
CharLowerW
ChangeMenuA
CallWindowProcW
CallMsgFilterW
CallMsgFilter
BlockInput
SendDlgItemMessageW
gdi32
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePolyPolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontW
CreateFontIndirectW
CreateFontA
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateDIBPatternBrushPt
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateColorSpaceW
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt
ArcTo
GdiConvertMetaFilePict
GdiEntry13
GdiFlush
GdiGetLocalFont
GdiPlayScript
GdiProcessSetup
GdiQueryTable
GetAspectRatioFilterEx
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetETM
EndDoc
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetLogColorSpaceA
GetMetaFileBitsEx
GetMetaFileW
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStringBitmapW
GetSystemPaletteEntries
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointI
GetTextFaceA
GetTextFaceW
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
ModifyWorldTransform
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RemoveFontResourceExA
ResizePalette
RestoreDC
RoundRect
STROBJ_dwGetCodePage
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
EndPage
EngUnicodeToMultiByteN
EnumICMProfilesA
ExcludeClipRect
ExtTextOutW
FONTOBJ_pfdg
GetEnhMetaFileBits
UpdateColors
UnrealizeObject
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetICMProfileA
SetEnhMetaFileBits
SetDIBitsToDevice
FrameRgn
advapi32
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
GetUserNameW
Sections
.text Size: 464KB - Virtual size: 464KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_Dumped_TDS=4F9911B3.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
64f540a7c6ded1c751c9a66629fd2aaa6cdd61749f05c8d0760a1aaeb5548935_TDS=4F9DB277.exe.exe windows:5 windows x86 arch:x86
8df8842017f9ad4c4915158983df9eb6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPriorityClass
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 822B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
6916a006c429a3b3a76dfa8c162ddab178b5a20763493506deeb9447875d039a.exe.exe windows:4 windows x86 arch:x86
2822bf40fb6766760030dc21a28bab49
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarTstGt
ord690
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
ord661
ord662
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaForEachCollVar
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaNextEachCollVar
__vbaObjVar
__vbaPrintObj
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord531
ord716
__vbaFPException
ord532
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord536
ord645
_CIlog
__vbaFileOpen
__vbaR8Str
__vbaVar2Vec
__vbaNew2
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaForEachAry
ord689
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaVarLateMemCallLd
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
ord619
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581
Sections
.text Size: 208KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf.exe.exe .docm office2007
-
6f772eb660bc05fc26df86c98ca49abc.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
PDB Paths
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
70774372517532ae1dcb97a7133983811d5cc7d2975cd58a1f132f2ef100c5e9.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 1000KB - Virtual size: 1000KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 292KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
7175d6bb11dea0932bd4b611d0f7221b62a71dbc54607e97ad397f104bcffa2b.exe.exe windows:5 windows x86 arch:x86
88ae6fa15ccf0649efebfb4251d9bdc2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
ExitProcess
CreateDirectoryW
CompareStringW
CloseHandle
GetDriveTypeA
GetDriveTypeW
VirtualAlloc
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetBinaryType
GetCPInfo
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetExitCodeThread
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
lstrcpyW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TerminateProcess
SwitchToThread
Sleep
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetTapeParameters
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
RtlUnwind
ResumeThread
ResetEvent
ReadFile
RaiseException
OutputDebugStringW
MultiByteToWideChar
MulDiv
MoveFileExW
LockResource
LockFile
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExW
LeaveCriticalSection
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumePathNameW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetSystemInfo
GetStdHandle
GetStartupInfoA
GetShortPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetModuleHandleA
CreateEventW
GetLastError
user32
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendDlgItemMessageW
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongW
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetUserObjectInformationA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorA
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint
wvsprintfA
LoadKeyboardLayoutW
LoadImageA
LoadCursorW
KillTimer
IsZoomed
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
InvalidateRect
IntersectRect
InsertMenuW
InsertMenuItemW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetWindow
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
ReleaseCapture
GetPropW
GetParent
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardType
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClipCursor
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
ExcludeUpdateRgn
EnumWindows
EnumWindowStationsW
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DragDetect
DlgDirSelectExA
DlgDirListComboBoxA
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
PeekMessageA
OffsetRect
OemToCharBuffA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
IsWindowVisible
LoadBitmapW
CharLowerW
LoadIconA
ActivateKeyboardLayout
AdjustWindowRectEx
AttachThreadInput
BeginPaint
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsExA
CharLowerBuffW
CharNextA
CharNextW
CharToOemW
CharUpperBuffW
MonitorFromWindow
MessageBoxW
MessageBoxA
MapWindowPoints
MapVirtualKeyW
GetQueueStatus
LoadStringW
DefFrameProcA
DdeUninitialize
DdePostAdvise
CreateWindowExW
CreatePopupMenu
CreateMenu
CreateIcon
CloseWindowStation
ClientToScreen
CheckMenuItem
CheckDlgButton
LoadIconW
gdi32
AbortPath
BRUSHOBJ_hGetColorTransform
BitBlt
CancelDC
CloseEnhMetaFile
CopyEnhMetaFileW
CopyMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBPatternBrush
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileW
CreateFontIndirectW
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EngBitBlt
EnumMetaFile
ExcludeClipRect
FONTOBJ_pQueryGlyphAttrs
FillRgn
FrameRgn
GdiConvertDC
GdiCreateLocalEnhMetaFile
GdiPlayScript
GetBitmapBits
GetBrushOrgEx
GetCharWidthFloatA
GetClipBox
GetColorSpace
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetMetaFileBitsEx
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextCharacterExtra
GetTextExtentPoint32W
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
HT_Get8BPPFormatPalette
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
QueryFontAssocStatus
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMagicColors
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetVirtualResolution
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject
XFORMOBJ_bApplyXform
ArcTo
advapi32
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegSetValueExW
shell32
ExtractAssociatedIconA
SHLoadInProc
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExA
SHAppBarMessage
CommandLineToArgvW
DoEnvironmentSubstW
SHLoadNonloadedIconOverlayIdentifiers
ExtractAssociatedIconExW
FindExecutableW
SHAddToRecentDocs
ole32
StringFromCLSID
ProgIDFromCLSID
OleUninitialize
OleSetMenuDescriptor
OleInitialize
OleDraw
IsEqualGUID
IsAccelerator
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize
CoGetClassObject
CoCreateInstance
CLSIDFromString
shlwapi
StrChrIW
StrCmpNIA
StrRChrW
StrStrIA
StrChrA
StrStrIW
comctl32
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Write
InitializeFlatSB
_TrackMouseEvent
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e2 Size: 547KB - Virtual size: 546KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
728733095fe2c66f91a19ebde412dd25_70186ceb735016eadd98466e62c03635_TheLastReveton.exe.dll windows:4 windows x86 arch:x86
70186ceb735016eadd98466e62c03635
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFindAtomA
GetModuleFileNameA
GetProcessId
OutputDebugStringW
GlobalFindAtomA
advapi32
CryptHashSessionKey
GetPrivateObjectSecurity
GetCurrentHwProfileA
RegDeleteKeyA
OpenSCManagerW
CryptGetUserKey
MapGenericMask
IsValidAcl
SetSecurityDescriptorDacl
CryptCreateHash
CryptVerifySignatureW
ChangeServiceConfigW
AddAce
CreatePrivateObjectSecurityEx
ImpersonateLoggedOnUser
NotifyBootConfigStatus
IsWellKnownSid
CloseServiceHandle
CryptSetProviderA
CryptGetProvParam
OpenBackupEventLogW
CryptDecrypt
ntdsapi
DsFreeSpnArrayA
DsListInfoForServerA
DsServerRegisterSpnW
DsQuoteRdnValueW
DsReplicaModifyA
DsReplicaConsistencyCheck
DsClientMakeSpnForTargetServerA
DsFreeDomainControllerInfoW
DsListDomainsInSiteW
DsCrackNamesW
DsListDomainsInSiteA
DsFreePasswordCredentials
DsListRolesW
DsFreeNameResultA
DsReplicaSyncW
DsReplicaGetInfoW
DsInheritSecurityIdentityA
DsFreeNameResultW
DsQuoteRdnValueA
msi
ord97
ord58
ord194
ord216
ord129
ord147
ord107
ord168
ord29
ord175
ord118
ord79
ord125
ord123
ord134
ord145
ord171
ord22
ord42
ord45
ord155
ord37
ord27
ord124
ord228
ord190
ord56
ord46
ord231
ord144
ord54
ord95
ord159
ord165
opengl32
glEvalCoord1fv
glMap1d
glClearDepth
glTexGenf
glColorMask
glTexCoord3dv
glDepthFunc
glColor4dv
glColorMaterial
glRasterPos4d
glEdgeFlagPointer
glTexGendv
glFrustum
glEvalMesh2
glIsList
wglShareLists
glNormal3iv
glTexCoord1iv
glEvalCoord2dv
glPixelTransferf
glLighti
glColor4uiv
glColor4ubv
glSelectBuffer
glVertex2s
glRasterPos4f
glColor4s
glIndexsv
glDisableClientState
glClipPlane
glNormalPointer
glVertex4fv
glPixelStorei
glColor3sv
glMap2f
wglCopyContext
urlmon
URLOpenBlockingStreamA
URLDownloadToFileA
CreateAsyncBindCtxEx
ObtainUserAgentString
FindMediaType
URLOpenPullStreamW
CoInternetParseUrl
CoInternetCreateSecurityManager
FindMimeFromData
CoInternetQueryInfo
CoInternetCompareUrl
CoInternetGetSession
CopyStgMedium
CreateAsyncBindCtx
RegisterFormatEnumerator
GetComponentIDFromCLSSPEC
CompareSecurityIds
URLDownloadToCacheFileA
IsLoggingEnabledW
ReleaseBindInfo
URLOpenBlockingStreamW
CoInternetCreateZoneManager
WriteHitLogging
IsLoggingEnabledA
RegisterBindStatusCallback
GetClassFileOrMime
UrlMkSetSessionOption
secur32
ExportSecurityContext
AcceptSecurityContext
VerifySignature
FreeCredentialsHandle
ImportSecurityContextA
CompleteAuthToken
RevertSecurityContext
ImpersonateSecurityContext
AddCredentialsW
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
DeleteSecurityContext
AddCredentialsA
ImportSecurityContextW
ApplyControlToken
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_Dumped_TDS=4F8C315F.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
73c3d88d0d9d1c73080bcdda423879ce9eff3aa1f26cc93d120f596091825960_TDS=4F8DFBBF.exe.exe windows:4 windows x86 arch:x86
e577ea67c41f48f5c38c1fb02995e080
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineW
GetStdHandle
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 810B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
74add6536cdcfb8b77d10a1e7be6b9ef.exe.exe windows:5 windows x86 arch:x86
465d61b1230d37021733c5abb510050a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
I:\wisdom\impractical\debate\Count.pdb
Imports
kernel32
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateFileA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
SetFilePointer
SetStdHandle
LocalFree
GetModuleHandleA
GetConsoleCP
FindNextFileA
LockResource
LocalAlloc
LoadLibraryA
FindClose
RemoveDirectoryA
WriteConsoleA
GetLastError
FindFirstFileA
GetFileAttributesA
CreateEventA
SizeofResource
Sleep
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
CreateIoCompletionPort
FlushFileBuffers
GetCommandLineA
ExitProcess
GetModuleHandleW
OpenProcess
WaitForSingleObject
GetQueuedCompletionStatus
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetProcAddress
MultiByteToWideChar
HeapAlloc
LoadResource
FreeLibrary
lstrlenA
FindResourceA
user32
GetSystemMetrics
PtInRect
UpdateWindow
CallWindowProcA
FindWindowA
SetWindowTextA
GetWindowTextA
GetKeyboardLayout
LoadCursorA
DrawFrameControl
CopyRect
RegisterClassA
SystemParametersInfoA
SetMenu
LoadAcceleratorsA
GetCursorPos
SetWindowPos
DefWindowProcA
EndDialog
GetDlgItem
GetWindowLongA
GetAncestor
InvalidateRect
MessageBoxA
MapWindowPoints
EnumWindows
SetTimer
ScreenToClient
GetWindowRect
PostQuitMessage
SetCapture
KillTimer
DrawTextA
LoadStringA
GetWindowInfo
GetClientRect
CreateMenu
SetFocus
SendMessageA
SetWindowLongA
gdi32
SetDIBitsToDevice
SetTextColor
DeleteDC
CreateFontIndirectA
SetBkColor
CreateBitmap
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
ExtTextOutA
RestoreDC
CreateSolidBrush
advapi32
ConvertSidToStringSidA
CreateWellKnownSid
GetTraceEnableLevel
shell32
ExtractAssociatedIconExA
ole32
OleInitialize
OleUninitialize
CoCreateGuid
CoGetClassObject
StringFromGUID2
CoRegisterClassObject
CreateFileMoniker
BindMoniker
CLSIDFromProgID
CoInitializeEx
CoUninitialize
oleaut32
OleTranslateColor
SysAllocStringByteLen
SysFreeString
psapi
GetModuleFileNameExA
EnumProcessModules
msimg32
GradientFill
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
iphlpapi
NotifyAddrChange
shlwapi
StrChrA
StrToIntExA
comctl32
ImageList_BeginDrag
ord17
secur32
InitSecurityInterfaceA
imm32
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
setupapi
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
wsnmp32
ord120
authz
AuthzFreeContext
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzInitializeContextFromSid
wlanapi
WlanEnumInterfaces
WlanOpenHandle
Sections
.text Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 632KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
757a661bcc68616f99366b10abac92d8.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Liridon\source\repos\Foxy - Rnsmwre\Foxy - Rnsmwre\obj\Debug\Foxy - Rnsmwre.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 226KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ