blackmoon | Batch_4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_4.zip
Size

8.6MB
MD5

3179e3edf25f87e78f2fd054faf6ae60
SHA1

7648fb854c73c9a191b935278bcefd58cc5ad3fc
SHA256

471f3fb1a953fab38be3081eb835574694bc72b94f239edc400d1ce3d7a8ecb0
SHA512

b7d25a1a9008d363058192cd353fdd58c504db313bbcd9bf1090688c8af735f696c8a0551b3023f948de66f9f33c20c5cee18bde680afe7b2e2b60074f8abab7
SSDEEP

196608:ttxPNvdJy9CNBi63RgR+itIShWmG9E6rHm5F2T97o:Vh7iCNveR+ipWmNEBo

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/a322da0be4f0be8d85eab815ca708c8452b63f24d0e2d2d6d896a9f9331a6244.exe	family_blackmoon

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669.exe	autoit_exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/97512f4617019c907cd0f88193039e7c.exe	upx
static1/unpack001/98aadc95c589e064a542802bbf0ef01ef00595c34d195f1a1e6443909846d2e7.exe	upx

Unsigned PE 37 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/757e3242f6a2685ed9957c9e66235af889a7accead5719514719106d0b3c6fb4.exe
unpack001/76fe72e0ecdc389b5749df5fe406cb70110b1ef8b64e51cf0a96da2fa2ec5eb2_not_packed_maybe_useless.exe
unpack001/78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_Dumped_TDS=4F9911B3.exe
unpack001/78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_TDS=4FA04B59.exe
unpack001/78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669.exe
unpack001/7965f6adf3261e8820fe583e94dcb2d17dc665efa0442743e47d27c989fcb05f_not_packed_maybe_useless.exe
unpack001/7B75B33BCF4ECF013B93F84ED98B3FB5.exe
unpack001/7E3903944EAB7B61B495572BAA60FB72.EXE
unpack001/7dd93123078b383ec179c4c381f9119f4eac4efb287fe8f538a82e7336dfa4ca.exe
unpack001/7e4c9a7e391be4367d79bd1ab92b748d440e13fd5ca6c0820b30e6e9c670871f.exe
unpack001/80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_Dumped_TDS=4F9911B3.exe
unpack001/80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_TDS=4FAAF59A.exe
unpack001/845263c86931440e934cf40f4461dc14903a474f6f5eab4773482842855ba1c8.exe
unpack001/85242241870190a81b55d0ea723c25391fff14140bac149a32630c5f892a3a8f.exe
unpack001/86be3831f5d8a975b0924168117fc7fcd1f5067ac5935c657efbb4798cb6a439.exe
unpack001/8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_Dumped_TDS=4F83FCDA.exe
unpack001/8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_TDS=4F84A969.exe
unpack001/87a4f3f9f6dc263378f2f01db5f2c988.exe
unpack001/89fb6d7ff29b0c349c19df2e81028a62a2758c33f2c72b87dc11af4f22d3c6f6.exe
unpack001/8c591485357e45a09dad3116496e6f686fa11f445a6bea5ef3cd5ed1ac078821.exe
unpack001/8d372fcf8a97223ebb86cdfe707d3035dfbfd4501c5688cfa82a9a4889e637e0.exe
unpack001/900.exe
unpack001/911d5905cbe1dd462f171b7167cd15b9.exe
unpack003/Saldo.Pdf______________________________________________________________.exe
unpack001/92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe
unpack001/97512f4617019c907cd0f88193039e7c.exe
unpack004/out.upx
unpack001/98aadc95c589e064a542802bbf0ef01ef00595c34d195f1a1e6443909846d2e7.exe
unpack005/out.upx
unpack001/9943256.exe
unpack001/9B9517FA1515F47A502FE56536236A20BE5BBADF.exe
unpack006/$PLUGINSDIR/System.dll
unpack006/$PLUGINSDIR/nsDialogs.dll
unpack006/unneighbourliness.dll
unpack001/9b7eaffe4dffcbd06445d0b32785cdc8.exe
unpack001/a322da0be4f0be8d85eab815ca708c8452b63f24d0e2d2d6d896a9f9331a6244.exe
unpack001/a42252e674a09a0b689e71c88f59969f538a473da647cc4eb5457a5d5e03a234.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/9B9517FA1515F47A502FE56536236A20BE5BBADF.exe	nsis_installer_1
static1/unpack001/9B9517FA1515F47A502FE56536236A20BE5BBADF.exe	nsis_installer_2

Files

Batch_4.zip
.zip
757e3242f6a2685ed9957c9e66235af889a7accead5719514719106d0b3c6fb4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
76fe72e0ecdc389b5749df5fe406cb70110b1ef8b64e51cf0a96da2fa2ec5eb2_not_packed_maybe_useless.exe
.exe windows:5 windows x86 arch:x86

0e19eece28bfc9b0d635ed4ec3d29752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\backup\dilly\output\Release\locker.pdb

Imports

wininet

InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathCombineW

kernel32

lstrcatA
GetLastError
GetModuleHandleA
CloseHandle
GetVersion
lstrcpyA
WaitForSingleObject
Sleep
GetCurrentProcessId
GetTickCount
ExitProcess
GetFileSize
lstrlenA
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrlenW
FlushFileBuffers
GetProcAddress
DeleteFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
HeapSize
GetVersionExA
CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
EnterCriticalSection
CreateThread
CreateMutexA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
GetCurrentDirectoryA
WTSGetActiveConsoleSessionId
GetEnvironmentStringsW
QueryPerformanceCounter
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetStdHandle
DecodePointer
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
CopyFileW
GetUserGeoID
CreateDirectoryW
GetComputerNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetStringTypeW
GetSystemTimeAsFileTime

user32

PostMessageA
GetClientRect
SetWindowLongA
GetWindowLongA
RegisterClassExA
PostQuitMessage
TranslateMessage
UnregisterClassA
CreateWindowExA
DefWindowProcA
DispatchMessageA
MessageBoxW
GetSystemMetrics
UpdateWindow
EnumWindows
ShowWindow
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetMessageA
EnableWindow

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegOpenKeyA
RegCreateKeyExA
SetSecurityDescriptorSacl

shell32

ord680
SHGetFolderPathW

ole32

OleUninitialize
OleSetContainedObject
CoGetClassObject
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_Dumped_TDS=4F9911B3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_TDS=4FA04B59.exe
.exe windows:4 windows x86 arch:x86

8df8842017f9ad4c4915158983df9eb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupGetLineCountA

msvcrt

_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7965f6adf3261e8820fe583e94dcb2d17dc665efa0442743e47d27c989fcb05f_not_packed_maybe_useless.exe
.exe windows:5 windows x86 arch:x86

2d0ebb2aeecc9aedb18485a6a2a54c83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\bbac\output\Release\bbac.pdb

Imports

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetQueryOptionA
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA

shlwapi

PathCombineW
wvnsprintfA

kernel32

MultiByteToWideChar
CreateThread
GetComputerNameA
CreateDirectoryW
WaitForSingleObject
GetUserGeoID
Sleep
CopyFileW
CreateEventA
GetModuleFileNameW
GetLastError
WTSGetActiveConsoleSessionId
GetModuleHandleA
CreateMutexA
CloseHandle
GetVersion
GetCurrentProcessId
GetFileSize
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
DeleteFileW
SetFileAttributesW
WaitForMultipleObjects
ReleaseMutex
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
CreateProcessW
Process32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
TerminateProcess

user32

DefWindowProcA
CreateWindowExA
UnregisterClassA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
DispatchMessageA
SetWindowLongA
GetClientRect
PostMessageA
SendMessageA
IsWindowVisible
EnableWindow
GetWindowThreadProcessId
ShowWindow
GetSystemMetrics
UpdateWindow
EnumWindows
GetWindowLongA

advapi32

RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegFlushKey
RegCloseKey
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject

oleaut32

VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7B75B33BCF4ECF013B93F84ED98B3FB5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\inInvoice\hIDDeN-teAr\obj\Debug\inInvoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7E3903944EAB7B61B495572BAA60FB72.EXE
.exe windows:4 windows x86 arch:x86

774803ad6272a6f757a61b9cc3ae489c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
SetFileAttributesA
GetFileAttributesA
IsBadReadPtr
GetSystemDirectoryA
GetTickCount
FreeLibrary
LoadLibraryExA
GetCurrentProcess
Process32First
CreateToolhelp32Snapshot
MoveFileA
SetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
FindClose
FindNextFileA
GetFileSize
OpenFileMappingA
WinExec
SetFileTime
GetFileTime
ExitProcess
GetModuleFileNameA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
WriteFile
SetEndOfFile
LoadLibraryA
SetUnhandledExceptionFilter
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetLastError
IsBadCodePtr
lstrlenA
OpenProcess
lstrlenW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
ReleaseMutex
FindFirstFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationA
GetDiskFreeSpaceA
lstrcmpA
lstrcpyA
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
FlushFileBuffers

user32

wsprintfA
wsprintfW

advapi32

CryptAcquireContextA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDeriveKey
CryptDecrypt
CryptReleaseContext
CryptDestroyKey

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7dd93123078b383ec179c4c381f9119f4eac4efb287fe8f538a82e7336dfa4ca.exe
.dll windows:5 windows x86 arch:x86

b09cd7cb9ae5a48bd10d5b61d744b752

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

user32.pdb

Imports

gdi32

GetClipRgn
ExtSelectClipRgn
GetHFONT
GetMapMode
SetGraphicsMode
GetClipBox
CreateRectRgn
CreateRectRgnIndirect
SetLayout
GetBoundsRect
ExcludeClipRect
PlayEnhMetaFile
GdiGetBitmapBitsSize
CreatePen
Ellipse
CreateEllipticRgn
GdiFixUpHandle
GetTextCharacterExtra
SetTextCharacterExtra
GetCurrentObject
GetViewportOrgEx
SetViewportOrgEx
PolyPatBlt
CreateBrushIndirect
SetBoundsRect
CopyEnhMetaFileW
CopyMetaFileW
GetPaletteEntries
CreatePalette
SetPaletteEntries
bInitSystemAndFontsDirectoriesW
bMakePathNameW
cGetTTFFromFOT
GetPixel
ExtTextOutA
GetTextCharsetInfo
QueryFontAssocStatus
GetCharWidthInfo
GetCharWidthA
GetTextFaceW
GetCharABCWidthsA
GetCharABCWidthsW
SetBrushOrgEx
CreateFontIndirectW
EnumFontsW
GetTextFaceAliasW
GetTextMetricsW
GetTextColor
GetBkMode
GetViewportExtEx
GetWindowExtEx
GdiGetCharDimensions
GdiGetCodePage
GetTextCharset
GdiPrinterThunk
GdiAddFontResourceW
TranslateCharsetInfo
SaveDC
OffsetWindowOrgEx
RestoreDC
ExtTextOutW
GetObjectType
GetDIBits
CreateDIBSection
SetStretchBltMode
SelectPalette
RealizePalette
SetDIBits
CreateDCW
CreateDIBitmap
CreateCompatibleBitmap
SetBitmapBits
DeleteDC
GdiValidateHandle
GdiDllInitialize
CreateSolidBrush
GetStockObject
CreateCompatibleDC
GdiConvertBitmapV5
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GetRgnBox
CombineRgn
OffsetRgn
MirrorRgn
EnableEUDC
GdiConvertToDevmodeW
GetTextExtentPointA
GetTextExtentPointW
CreateBitmap
SetLayoutWidth
PatBlt
TextOutA
TextOutW
BitBlt
GdiConvertAndCheckDC
StretchBlt
SetRectRgn
GdiReleaseDC
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
GetDIBColorTable
GetDeviceCaps
StretchDIBits
GetLayout
SetBkColor
SetTextColor
GetObjectW
GetBkColor
SetBkMode
SelectObject
IntersectClipRect
GetTextAlign
SetTextAlign
GdiProcessSetup

kernel32

LocalSize
SizeofResource
LoadResource
FindResourceExW
FindResourceExA
GetModuleHandleW
DisableThreadLibraryCalls
GetCurrentThreadId
IsDBCSLeadByteEx
SearchPathW
ExpandEnvironmentStringsW
LoadLibraryExW
GlobalAddAtomW
GetSystemDirectoryW
GetComputerNameW
GetCurrentProcess
GetCurrentThread
ExitThread
GetExitCodeThread
CreateThread
HeapReAlloc
GlobalHandle
FoldStringW
Sleep
GetStringTypeW
GetStringTypeA
GetCPInfo
HeapSize
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
ReadFile
SetFileTime
GetFileTime
GetSystemWindowsDirectoryW
CopyFileW
MoveFileW
DeleteFileW
CreateProcessW
AddAtomA
AddAtomW
GetAtomNameW
GetAtomNameA
IsValidLocale
ConvertDefaultLocale
CompareStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrlenW
GetLogicalDrives
FindClose
FindNextFileW
FindFirstFileW
GetThreadLocale
ProcessIdToSessionId
GetCurrentProcessId
InterlockedCompareExchange
IsDBCSLeadByte
LCMapStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
lstrlenA
GlobalFindAtomA
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
DelayLoadFailureHook
LoadLibraryA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalUnlock
LocalLock
LocalReAlloc
GetACP
GetOEMCP
InterlockedIncrement
InterlockedDecrement
SetLastError
GlobalFindAtomW
GlobalAlloc
MultiByteToWideChar
GlobalReAlloc
GetLastError
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
CreateFileW
WritePrivateProfileStringW
lstrcmpiW
SetEvent
WaitForMultipleObjectsEx
WideCharToMultiByte
GlobalFlags
GetLocaleInfoW
GlobalFree
GetModuleFileNameW
GlobalGetAtomNameW
GlobalGetAtomNameA
InterlockedExchange
DeleteAtom
LocalAlloc
GlobalDeleteAtom
LocalFree
GlobalSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
HeapAlloc
HeapFree
lstrcpyW
lstrcatW
GetPrivateProfileStringW
RegisterWaitForInputIdle

ntdll

NtQueryVirtualMemory
RtlUnwind
RtlNtStatusToDosError
NlsAnsiCodePage
RtlAllocateHeap
qsort
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlPcToFileHeader
wcsrchr
NtRaiseHardError
RtlIsNameLegalDOS8Dot3
strrchr
sscanf
NtQueryKey
NtEnumerateValueKey
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
CsrAllocateCaptureBuffer
CsrCaptureMessageBuffer
CsrFreeCaptureBuffer
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
CsrClientCallServer
memmove
NtCallbackReturn
RtlUnicodeToMultiByteSize
RtlActivateActivationContextUnsafeFast
RtlDeactivateActivationContextUnsafeFast
RtlInitializeCriticalSection
NtQuerySystemInformation
swprintf
RtlDeleteCriticalSection
RtlImageNtHeader
CsrClientConnectToServer
NtYieldExecution
NtCreateKey
NtSetValueKey
NtDeleteValueKey
RtlQueryInformationActiveActivationContext
RtlReleaseActivationContext
RtlFreeHeap
wcsncpy
wcscmp
wcstoul
wcscat
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtOpenDirectoryObject
_chkstk
wcscpy
wcsncat
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
wcslen
RtlFindActivationContextSectionString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlOpenCurrentUser
NtEnumerateKey
NtOpenKey
NtClose
NtQueryValueKey
RtlInitUnicodeString
RtlUnicodeStringToInteger

Exports

Exports

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseWindow
CloseWindowStation
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDesktopA
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyReasons
DestroyWindow
DeviceEventWorker
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
EditWndProc
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGuiResources
GetIconInfo
GetInputDesktop
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetTitleBarInfo
GetTopWindow
GetUpdateRect
GetUpdateRgn
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowContextHelpId
GetWindowDC
GetWindowInfo
GetWindowLongA
GetWindowLongW
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GetWindowWord
GrayStringA
GrayStringW
HideCaret
HiliteMenuItem
IMPGetIMEA
IMPGetIMEW
IMPQueryIMEA
IMPQueryIMEW
IMPSetIMEA
IMPSetIMEW
ImpersonateDdeClientWindow
InSendMessage
InSendMessageEx
InflateRect
InitializeLpkHooks
InitializeWin32EntryTable
InsertMenuA
InsertMenuItemA
InsertMenuItemW
InsertMenuW
InternalGetWindowText
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsDialogMessageA
IsDialogMessageW
IsDlgButtonChecked
IsGUIThread
IsHungAppWindow
IsIconic
IsMenu
IsRectEmpty
IsServerSideWindow
IsWinEventHookInstalled
IsWindow
IsWindowEnabled
IsWindowInDestroy
IsWindowUnicode
IsWindowVisible
IsZoomed
KillSystemTimer
KillTimer
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadKeyboardLayoutA
LoadKeyboardLayoutEx
LoadKeyboardLayoutW
LoadLocalFonts
LoadMenuA
LoadMenuIndirectA
LoadMenuIndirectW
LoadMenuW
LoadRemoteFonts
LoadStringA
LoadStringW
LockSetForegroundWindow
LockWindowStation
LockWindowUpdate
LockWorkStation
LookupIconIdFromDirectory
LookupIconIdFromDirectoryEx
MBToWCSEx
MB_GetString
MapDialogRect
MapVirtualKeyA
MapVirtualKeyExA
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MenuItemFromPoint
MenuWindowProcA
MenuWindowProcW
MessageBeep
MessageBoxA
MessageBoxExA
MessageBoxExW
MessageBoxIndirectA
MessageBoxIndirectW
MessageBoxTimeoutA
MessageBoxTimeoutW
MessageBoxW
ModifyMenuA
ModifyMenuW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OemKeyScan
OemToCharA
OemToCharBuffA
OemToCharBuffW
OemToCharW
OffsetRect
OpenClipboard

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7e4c9a7e391be4367d79bd1ab92b748d440e13fd5ca6c0820b30e6e9c670871f.exe
.exe windows:5 windows x86 arch:x86

8237df68e65f199149a53c58781e1f1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
GetForegroundWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
MessageBoxIndirectA
WinHelpA
UpdateWindow
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
TranslateMessage
EnableMenuItem

kernel32

GetSystemDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
CreateEventA
SetEvent
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
GetFileType
GetSystemTime
GetStdHandle
RaiseException
RtlUnwind
SetEndOfFile
UnhandledExceptionFilter
WriteFile
GetLocaleInfoA
GetStartupInfoA
GetThreadLocale
lstrcpynA
lstrlenA
WideCharToMultiByte
VirtualQuery
GetCurrentThreadId
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
SetFileTime
SetFilePointer
SetFileAttributesA
SetErrorMode
SetCurrentDirectoryA
SearchPathA
RemoveDirectoryA
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
LoadLibraryExA
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersion
GetTickCount
GetTempPathA
GetTempFileNameA
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetDiskFreeSpaceA
GetCurrentProcess
GetCommandLineA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CopyFileA
CompareFileTime
GetThreadContext
GetCalendarInfoA
SetConsoleCursorInfo
OpenMutexA
CallNamedPipeA
GetComputerNameExW
LocalUnlock
VirtualProtect
GetModuleHandleW
GetSystemInfo
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
OutputDebugStringA
GetTimeZoneInformation
HeapReAlloc
HeapDestroy
HeapCreate
TerminateProcess
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_Dumped_TDS=4F9911B3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_TDS=4FAAF59A.exe
.exe windows:4 windows x86 arch:x86

c0603d2421d9908fc21039f32a3a1140

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GlobalAlloc
GetStdHandle
LocalAlloc
CreateMutexA
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupGetLineCountA

msvcrt

_adjust_fdiv
memcpy
_exit
_onexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
845263c86931440e934cf40f4461dc14903a474f6f5eab4773482842855ba1c8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
85242241870190a81b55d0ea723c25391fff14140bac149a32630c5f892a3a8f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Null\Documents\Visual Studio 2012\Projects\FBILock\FBILock\obj\Debug\FBILock.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
86be3831f5d8a975b0924168117fc7fcd1f5067ac5935c657efbb4798cb6a439.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Ferial\Desktop\DO NOT OPEN THE FUCKIN RANSOMWAREa\DO NOT OPEN THE FUCKIN RANSOMWARE\obj\x86\Release\DO NOT OPEN THE FUCKIN RANSOMWARE.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_Dumped_TDS=4F83FCDA.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_dll_entry@16

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_TDS=4F84A969.exe
.exe windows:4 windows x86 arch:x86

b6e2eb432a22f6199b27693a6154ef9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
CreateMutexA
CreateEventA
CreateSemaphoreA
GetVersionExA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

shlwapi

UrlCombineA

setupapi

SetupGetFieldCount

msvcrt

__setusermatherr
_onexit
__dllonexit
memcpy
_controlfp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
87a4f3f9f6dc263378f2f01db5f2c988.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
89fb6d7ff29b0c349c19df2e81028a62a2758c33f2c72b87dc11af4f22d3c6f6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8c591485357e45a09dad3116496e6f686fa11f445a6bea5ef3cd5ed1ac078821.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8d372fcf8a97223ebb86cdfe707d3035dfbfd4501c5688cfa82a9a4889e637e0.exe
.exe windows:5 windows x64 arch:x64

b5b7cc24098123f0fc0d26869fe821b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
GetProcAddress
LoadLibraryA
GetLastError
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetShortPathNameW
GetTempPathW
Sleep
LoadLibraryExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
WriteConsoleA
SetConsoleTextAttribute
GetStdHandle
GetModuleFileNameW
HeapSize
RtlUnwindEx
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
RemoveDirectoryA
FindNextFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DecodePointer
EncodePointer
SetConsoleCtrlHandler
GetModuleHandleW
ExitProcess
HeapReAlloc
GetDriveTypeW
GetFullPathNameA
GetFileAttributesA
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
WriteFile
SetHandleCount
DeleteCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LoadLibraryW
CreateFileW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
GetStringTypeW
CompareStringW

ws2_32

ntohl

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
900.exe
.exe windows:6 windows x86 arch:x86

9fc19485806c08804a01a75c909dbd0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfW
StrStrW
StrStrIW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

kernel32

GetLogicalDrives
FindFirstFileW
FindNextFileW
lstrlenW
WriteFile
TerminateProcess
GetUserDefaultLangID
GetProcessHeap
WaitForMultipleObjects
FindClose
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
GetLastError
HeapAlloc
CloseHandle
CreateThread
SetFilePointerEx
ExitProcess
CreateProcessW
lstrcpyW
lstrcmpiW
lstrcmpW
MoveFileW
HeapFree
lstrlenA
ReadFile
GetModuleFileNameW
Process32NextW

user32

GetKeyboardLayoutList

advapi32

GetSidSubAuthority
OpenProcessToken
GetSidSubAuthorityCount
CryptEncrypt
CryptReleaseContext
GetTokenInformation
CryptDestroyKey
CryptAcquireContextW
CryptGenRandom
CryptImportKey
CryptExportKey
CryptGenKey

shell32

ShellExecuteW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
911d5905cbe1dd462f171b7167cd15b9.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
91d24e06572099ba0aa5c20be6b1021fa48e864913fe3676ed05323e6b68fceb.exe
.zip
Saldo.Pdf______________________________________________________________.exe
.exe windows:5 windows x86 arch:x86

380e5390f65e340268c2e7706d44415e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetTickCount
GetModuleFileNameW
IsDebuggerPresent
GetCPInfo
VirtualQuery
CreateFileA
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteConsoleA
RaiseException

user32

GetWindowRect
IsZoomed
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
GetCursor

advapi32

GetUserNameA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe
.exe windows:6 windows x86 arch:x86

008aca28b7c001acc5e0ab32fabaad84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\Win32Project9\Release\Win32Project9.pdb

Imports

kernel32

GetCurrentProcess
ExitThread
SetEndOfFile
CreateFileW
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
FindFirstFileExW
FindClose
GetProcAddress
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WinExec
CreateProcessA
GetStartupInfoA
GetModuleFileNameW
CopyFileA
GetFileAttributesA
GetModuleFileNameA
FindNextFileW
GetLocalTime
FindFirstFileW
CreateThread
GetModuleHandleW
Sleep
GetLogicalDrives
VerifyVersionInfoW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetLastError
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
MoveFileExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapReAlloc
HeapFree
VerSetConditionMask

user32

ShowWindow
SendMessageW
FindWindowW
DrawTextA
CallNextHookEx
GetAsyncKeyState
DefWindowProcW
PostQuitMessage
DestroyWindow
KillTimer
InvalidateRect
SetTimer
EndPaint
SetWindowsHookExW
DrawTextW
BeginPaint
GetSystemMetrics
ShowCursor
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowLongW
SetWindowPos
CreateWindowExW
RegisterClassExW
LoadCursorW

gdi32

MoveToEx
CreatePen
DeleteObject
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
CreateSolidBrush
LineTo

advapi32

SystemFunction036
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW

shell32

ord680

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

netapi32

NetUserGetInfo

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
97512f4617019c907cd0f88193039e7c.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 912KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 665KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
98aadc95c589e064a542802bbf0ef01ef00595c34d195f1a1e6443909846d2e7.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9943256.exe
.exe windows:5 windows x86 arch:x86

0d2a3dff6d08ba82ac9b7da6dc4764b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW
StrCatW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

lstrlenW
CopyFileW
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
Sleep
GetCommandLineW
CreateProcessW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetTickCount
GetEnvironmentVariableW
OpenProcess
SetSystemTime
GetSystemTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
WaitForSingleObject
CreateThread
IsDebuggerPresent

user32

CreateWindowExW
GetSystemMetrics
RegisterClassExW
DefWindowProcW
SetLayeredWindowAttributes
SetWindowPos
SetWindowLongW
GetWindowLongW
EndPaint
BeginPaint
EndDialog
GetDlgItemInt
CallNextHookEx
GetAsyncKeyState
ShowWindow
UpdateWindow
SetForegroundWindow
SetWindowsHookExW
DialogBoxParamW
BeginDeferWindowPos
AdjustWindowRect
ArrangeIconicWindows
AllowSetForegroundWindow
AnimateWindow
BringWindowToTop
AnyPopup
CascadeWindows
MessageBoxW
CloseWindow

gdi32

TextOutW
SetTextColor
SetBkColor
Rectangle
CreateSolidBrush
CreatePen
SelectObject
CreateFontA

Sections

.text
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9B9517FA1515F47A502FE56536236A20BE5BBADF.exe
.exe windows:4 windows x86 arch:x86

59a4a44a250c4cf4f2d9de2b3fe5d95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

38e7b5c3ee58b43a91f9679e94aabd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
GetPropA
CharPrevA
MapWindowPoints
DrawFocusRect
GetWindowLongA
GetClientRect
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
LoadCursorA
RemovePropA
DrawTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NumenHeartwoodSchefflera
SceneButtonInset_Alpha2.png
.png
draft.watermark.image.xml
unneighbourliness.dll
.dll windows:4 windows x86 arch:x86

0e2a4e49270105abc999a944432cb3a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CheckDlgButton
DefDlgProcA

Exports

Exports

Azine
_EnumMastery

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
video-card.png
9b7eaffe4dffcbd06445d0b32785cdc8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a322da0be4f0be8d85eab815ca708c8452b63f24d0e2d2d6d896a9f9331a6244.exe
.exe windows:5 windows x86 arch:x86

b13814a376b70a4e0bb7a2b2a5007ed6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
CreateEventA
GetTempPathA
LoadLibraryW
GetStringTypeW
GetConsoleCP
GetConsoleMode
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcessId
SetStdHandle
WriteConsoleW
CreateFileW
OpenProcess
GetCurrentProcess
SetProcessWorkingSetSize
CreateThread
CreateWaitableTimerA
SetWaitableTimer
lstrcpyn
GetWindowsDirectoryA
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
MoveFileA
WriteFile
CreateFileA
GetFileSize
ReadFile
FindClose
FindFirstFileA
FindNextFileA
GetTickCount
SetFileAttributesA
GetModuleFileNameA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
MultiByteToWideChar
GlobalFree
RtlMoveMemory
GlobalSize
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
IsProcessorFeaturePresent
OpenEventA
lstrlenA
GetSystemDirectoryA
GetLastError
WideCharToMultiByte
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcpynA
GlobalFlags
InterlockedDecrement
WritePrivateProfileStringA
lstrcatA
lstrcpyA
InterlockedIncrement
SetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetModuleHandleW
RaiseException
HeapQueryInformation
HeapSize
GetACP
IsValidCodePage
Sleep
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType

user32

IsWindowVisible
GetWindowTextA
GetClassNameA
ShowWindow
SetForegroundWindow
SetWindowPos
MsgWaitForMultipleObjects
DestroyMenu
GetWindowThreadProcessId
GetDlgItem
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
SystemParametersInfoA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
UnregisterClassA
SetWindowLongA
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA

advapi32

RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

gdiplus

GdiplusStartup
GdipDisposeImage
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipSaveImageToStream

gdi32

DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a42252e674a09a0b689e71c88f59969f538a473da647cc4eb5457a5d5e03a234.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0e19eece28bfc9b0d635ed4ec3d29752

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 6KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 436B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 6KB

.mackt Size: 4KB - Virtual size: 4KB

8df8842017f9ad4c4915158983df9eb6

Headers

File Characteristics

Imports

kernel32

setupapi

msvcrt

Sections

.text Size: 8KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 878B

.data Size: 48KB - Virtual size: 117KB

.rsrc Size: 4KB - Virtual size: 616B

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 436B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

.mackt
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 878B

.data
Size: 48KB - Virtual size: 117KB

.rsrc
Size: 4KB - Virtual size: 616B

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 128KB - Virtual size: 127KB

.text
Size: 381KB - Virtual size: 380KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 205KB - Virtual size: 205KB

.reloc
Size: 11KB - Virtual size: 11KB