Behavioral task
behavioral1
Sample
0.4658229854220858.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
00331dd25b83984d4b6d9753fec2b306e88ac87371ea48188df49cb630905d3a.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
065988f36f3ab99ff40893c7ad756cfcc3baea1b8b5217f17cdd6e44160df0a0.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
082671641341d89fe49d0da717846035ba6af02edb59840148eddc3586d21557.exe
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
08cf8ed94cc1ef6ae23133f3e506a50d8aad9047c6fa74568a0373d991261aa4.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
0997ba7292ddbac1c7e7ade6766ed53c.exe
Resource
win7-20240708-en
Behavioral task
behavioral7
Sample
0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
0c3431dbb8cd0478250eb4357257880e_localui.dll
Resource
win7-20241023-en
Behavioral task
behavioral9
Sample
0cd7440ca94d31212e21867439f38f0828823b76c94d566e81f5dfaf71574ebc.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48.exe.vir.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
101.ex_.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
119.executable.exe
Resource
win7-20241010-en
Behavioral task
behavioral13
Sample
119.unp.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
11abb44de53807e32980a010a473514694f901841e63ab33f5e0ff8754009b47.exe
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
11fb52c96853e12f011b7b7894e9884e56eb5522.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
123.exe
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
139.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
13E418BF18B03AC80580DB69ADA305A2B7093DFED00692DCF91A99D2526D3A73.dll
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
144.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
17697e1829f0d18d2051a67bc2bca134_da3ded254909e9abaa46eb5bc3b10944.dll
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
19561b33793dcb865eae56575a899ce8_kovter_from_Sakura82_taskmanger.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
19ec0d0e5143940492a1c79c06eb8f18aa9feb356e41b8b79fdc6a16a3bcd7bf_TDS=4F9B33C5.exe
Resource
win7-20241010-en
Behavioral task
behavioral23
Sample
1a6bed2afff1b9880e42a29cea9b8139bcb12e34085fb008de13aa983b82a4f2.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
1f210c60f90fd8403099482455f3220b56b2864bc4d2b6af0abda4a2c3854d40.exe
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
1f3509cc11ffa1f7d839df93615cf1ba0819d75cafd5ef59110d9b01fb90addd.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
20c6d29da875075afa0ed7b4fb58e555de89d4bed13bf5ad109817c593ddd77d.exe
Resource
win7-20241023-en
Behavioral task
behavioral27
Sample
234e77145d329956192c389249e20520851853e2a33779be93530788201b612d.exe
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
263fc6fc9efa4c05a08d9ff1fc7bb060a7b8f376f82afa17fd3fc267bc8e8032.exe
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
2e0da054d03fde4e7b2c2057cc4aa410c64b6ab8777ee6d4fd43f031a5170a23.zip
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
Compenso.Pdf______________________________________________________________.exe
Resource
win7-20240903-en
Behavioral task
behavioral31
Sample
301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
30620.ex_.exe
Resource
win7-20241010-en
General
Target: Batch_1.zip
Size: 13.3MB
MD5: 19090d44d59052a2c0747280fadc7f92
SHA1: 25162ddae11d4f21729418d6f5e43c8fd035de68
SHA256: e9b99706a9b48b09974dd18c1af8a0e402ccddcaa0c91edf43fdd838128a7408
SHA512: 9168cb1b97bf680b5be065852486b51c38cd134ec2aebe97bc0a6a4b681a226cf83013e012de1e0402e44369fc6c1ed95068f94ab6e21b4dbba91606f95f9800
SSDEEP: 393216:17+hcOnO654Z2D2suR0212iUS8EgAoHBM9a6h2BS8uO:EZzuZu5uR0IRnyHBMIvYO
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource: static1/unpack001/11abb44de53807e32980a010a473514694f901841e63ab33f5e0ff8754009b47.exe  yara_rule: family_blackmoon
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
Processes:
resource: static1/unpack005/out.upx  yara_rule: autoit_exe
-
Processes:
resource: static1/unpack001/119.executable.exe  yara_rule: upx
resource: static1/unpack001/11abb44de53807e32980a010a473514694f901841e63ab33f5e0ff8754009b47.exe  yara_rule: upx
resource: static1/unpack001/19561b33793dcb865eae56575a899ce8_kovter_from_Sakura82_taskmanger.exe  yara_rule: upx
resource: static1/unpack001/234e77145d329956192c389249e20520851853e2a33779be93530788201b612d.exe  yara_rule: upx
-
Unsigned PE 33 IoCs
Checks for missing Authenticode signature.
Files
-
Batch_1.zip.zip
-
0.4658229854220858.exe.exe windows:5 windows x86 arch:x86
3d10ca6d732bedd1255ab84fd53b9dd1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
CopyAcceleratorTableW
MonitorFromPoint
LoadImageW
GetMenuItemID
UpdateWindow
DrawFocusRect
CharNextA
RedrawWindow
GetMenuStringA
GetMenuState
DefFrameProcW
ShowOwnedPopups
GetCursorPos
shlwapi
StrTrimW
UrlGetPartA
gdi32
GetFontData
CreateHalftonePalette
GetPixel
CreatePalette
CreateDiscardableBitmap
CreateDCW
comdlg32
PageSetupDlgW
CommDlgExtendedError
GetSaveFileNameW
kernel32
WaitForMultipleObjectsEx
lstrcatA
RegisterWaitForSingleObject
GetTickCount
DuplicateHandle
SetCurrentDirectoryA
MoveFileA
Exports
?MVATypibKB@@YGPAHPAH@Z
?VKqwlvjyetqcw@@YGIPAF@Z
?kv_JKZPkK_f_c@@YGDNPAM@Z
?K_OP_L__C@@YGFI@Z
?YHDV_DQGepe_lr@@YGPAJFM@Z
?_yB_AF_T__@@YGXJ@Z
?XRJ_UDz__fbEWtD_DW@@YGKJ@Z
?_IycEM_Ax@@YGXFPAF@Z
Sections
.text Size: 51KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idat Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pacdat Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
00331dd25b83984d4b6d9753fec2b306e88ac87371ea48188df49cb630905d3a.exe.exe windows:5 windows x86 arch:x86
d2272c14439e25f8ab9a25fca9bf8f5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\krasnaya\i\bludnica.pdb
Imports
kernel32
WriteConsoleW
GetStringTypeW
LCMapStringW
ReadFile
GetProcessHeap
SetEndOfFile
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleMode
CloseHandle
GetModuleHandleA
LoadLibraryA
GetLastError
MultiByteToWideChar
HeapCreate
WideCharToMultiByte
GetConsoleCP
HeapReAlloc
WriteFile
HeapAlloc
LoadLibraryW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileW
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
HeapFree
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
user32
EnumWindows
BeginPaint
GetParent
EndPaint
CreateWindowExA
GetDlgItem
GetClipboardSequenceNumber
LoadCursorA
LoadAcceleratorsW
gdi32
EndPage
StartPage
DeleteDC
CreateHalftonePalette
CreateDCA
StartDocA
RealizePalette
SelectPalette
GetObjectA
EndDoc
winspool.drv
ord201
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
comctl32
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetImageCount
gdiplus
GdipDrawRectangleI
GdipFree
GdipDeletePen
GdiplusShutdown
GdipGetImageWidth
GdipCreatePen1
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawEllipseI
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipBitmapGetPixel
GdiplusStartup
GdipCloneImage
GdipCreateFromHDC
Sections
.text Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
065988f36f3ab99ff40893c7ad756cfcc3baea1b8b5217f17cdd6e44160df0a0.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Source\FinalRansomware\FinalRansomware\FinalRansomware\obj\x86\Debug\GX40.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 153KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 363KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
082671641341d89fe49d0da717846035ba6af02edb59840148eddc3586d21557.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 944KB - Virtual size: 943KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
08cf8ed94cc1ef6ae23133f3e506a50d8aad9047c6fa74568a0373d991261aa4.exe.exe windows:5 windows x86 arch:x86
131f65a1495310a11de90d2a4fd48c96
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 591KB - Virtual size: 605KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
0997ba7292ddbac1c7e7ade6766ed53c.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\ryank\source\repos\PUBG_Ransomware\PUBG_Ransomware\obj\Debug\PUBG_Ransomware.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f.exe.elf linux x64
-
0c3431dbb8cd0478250eb4357257880e_localui.dll.dll windows:4 windows x64 arch:x64
3441aebf0203abdae2afbe7f77b2af13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
divide.pdb
Imports
kernel32
IsDebuggerPresent
ConvertDefaultLocale
GetSystemDirectoryW
GetDefaultCommConfigW
GetPrivateProfileSectionW
LockResource
VirtualProtect
GetVolumeNameForVolumeMountPointW
GetEnvironmentStringsW
LocalUnlock
ExitThread
RaiseException
SetConsoleCursor
FatalExit
UnlockFileEx
SetEndOfFile
HeapReAlloc
ResumeThread
CheckNameLegalDOS8Dot3W
ActivateActCtx
CreateEventW
EnumUILanguagesW
SetEnvironmentVariableW
GetWindowsDirectoryA
GetFileAttributesW
WritePrivateProfileStringW
ReadConsoleOutputCharacterA
GetNamedPipeHandleStateW
SetDefaultCommConfigA
AddConsoleAliasA
GenerateConsoleCtrlEvent
DecodeSystemPointer
SetupComm
LocalReAlloc
SetFileTime
_hread
EnumCalendarInfoW
EnumResourceLanguagesW
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
SetTermsrvAppInstallMode
PrivMoveFileIdentityW
crypt32
CryptSignMessageWithKey
CertControlStore
CryptDecodeObject
CryptExportPublicKeyInfo
CryptEnumOIDFunction
CertSaveStore
CertOIDToAlgId
CryptMsgVerifyCountersignatureEncodedEx
CryptGetMessageSignerCount
CryptUninstallDefaultContext
CryptMsgCountersignEncoded
CertNameToStrW
CryptGetKeyIdentifierProperty
CertGetIntendedKeyUsage
CryptExportPublicKeyInfoEx
CryptSetOIDFunctionValue
CryptSIPRetrieveSubjectGuid
CertCompareIntegerBlob
CertEnumCTLsInStore
CertFindAttribute
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertVerifyCertificateChainPolicy
CertFreeCRLContext
CryptSignMessage
CertGetSubjectCertificateFromStore
CryptMemFree
CertUnregisterPhysicalStore
CryptGetMessageCertificates
CertDuplicateStore
credui
CredUIConfirmCredentialsA
CredUICmdLinePromptForCredentialsA
CredUIPromptForCredentialsW
CredUIParseUserNameW
CredUIParseUserNameA
CredUIReadSSOCredW
samlib
SamGetCompatibilityMode
SamTestPrivateFunctionsDomain
SamDeleteGroup
SamRemoveMemberFromForeignDomain
SamiChangeKeys
SamQueryInformationUser
SamSetInformationAlias
SamRidToSid
SamEnumerateAliasesInDomain
SamRemoveMemberFromAlias
SamiChangePasswordUser2
SamiSetDSRMPassword
SamGetAliasMembership
SamSetInformationGroup
SamAddMultipleMembersToAlias
SamOpenDomain
SamSetInformationUser
SamGetDisplayEnumerationIndex
SamAddMemberToAlias
SamiEncryptPasswords
SamiLmChangePasswordUser
SamCreateUser2InDomain
SamGetMembersInGroup
SamSetSecurityObject
SamiChangePasswordUser
SamDeleteUser
SamCreateUserInDomain
SamLookupIdsInDomain
SamAddMemberToGroup
SamTestPrivateFunctionsUser
SamCreateAliasInDomain
SamOpenGroup
SamLookupDomainInSamServer
SamQueryInformationGroup
SamChangePasswordUser2
SamConnectWithCreds
SamQueryInformationAlias
query
CIGetGlobalPropertyList
LoadTextFilter
InitializeFILTERPerformanceData
CollectCIISAPIPerformanceData
CITextToSelectTree
SvcEntry_CiSvc
LoadBinaryFilter
CICreateCommand
SetupCache
BindIFilterFromStorage
CollectFILTERPerformanceData
CIState
SetCatalogState
DoneCIISAPIPerformanceData
CITextToSelectTreeEx
CIBuildQueryNode
LocateCatalogsA
wtsapi32
WTSVirtualChannelClose
WTSSendMessageA
WTSVirtualChannelQuery
WTSCloseServer
WTSQueryUserConfigA
WTSTerminateProcess
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateServersW
WTSOpenServerA
WTSQueryUserToken
WTSFreeMemory
WTSShutdownSystem
WTSSetSessionInformationA
WTSVirtualChannelPurgeInput
WTSVirtualChannelRead
WTSVirtualChannelPurgeOutput
WTSSetSessionInformationW
oledlg
OleUIPasteSpecialW
OleUIBusyW
OleUIInsertObjectW
OleUIConvertW
OleUIObjectPropertiesW
OleUIChangeSourceW
OleUIEditLinksW
ntlanman
I_SystemFocusDialog
Sections
.text Size: 384KB - Virtual size: 383KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
0cd7440ca94d31212e21867439f38f0828823b76c94d566e81f5dfaf71574ebc.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 600KB - Virtual size: 596KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 828KB - Virtual size: 824KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 341KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48.exe.vir.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\classyjakey\Documents\Visual Studio 2015\Projects\Cockblocker\Cockblocker\obj\Release\Cockblocker.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 306KB - Virtual size: 305KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
101.ex_.exe.exe windows:5 windows x86 arch:x86
0a0b399b585bbaff253cda725deec018
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SizeofResource
LockResource
LoadResource
GlobalAlloc
GlobalLock
InterlockedExchange
GetVersionExW
GetProcAddress
GetModuleHandleW
LoadLibraryW
CloseHandle
Sleep
OpenProcess
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetModuleFileNameW
CreateFileW
ReadFile
WriteFile
FindResourceW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetTickCount
GetSystemTime
VirtualFree
VirtualProtect
VirtualAlloc
CreateThread
GetLastError
CreateMutexA
SetProcessPriorityBoost
SetThreadPriority
SetPriorityClass
lstrcatA
GetCurrentProcess
GetEnvironmentVariableA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
RaiseException
HeapCreate
GetStdHandle
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
VirtualQuery
GetSystemInfo
HeapAlloc
DecodePointer
ExitProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
user32
SetWindowsHookExW
SystemParametersInfoW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
GetSystemMetrics
CreateWindowExW
SetCursor
EndPaint
BeginPaint
DefWindowProcW
CallNextHookEx
SetWindowTextW
GetWindowTextW
gdi32
GetObjectW
CreateCompatibleDC
SetDIBColorTable
DeleteDC
LineTo
MoveToEx
Rectangle
CreatePen
TextOutW
SelectObject
SetTextColor
SetBkMode
BitBlt
CreateFontW
DeleteObject
CreateDIBSection
advapi32
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
shell32
ShellExecuteExA
ole32
CreateStreamOnHGlobal
shlwapi
StrCmpW
StrCatW
StrCpyW
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
gdiplus
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
119.executable.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 22KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
119.unp.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
11abb44de53807e32980a010a473514694f901841e63ab33f5e0ff8754009b47.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 147KB - Virtual size: 236KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
11fb52c96853e12f011b7b7894e9884e56eb5522.exe.exe windows:4 windows x86 arch:x86
c79abeef43f264f745bb20039f3b5bd5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
__setusermatherr
kernel32
VirtualAlloc
GetTickCount
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
Sleep
user32
SendMessageA
EnableWindow
UpdateWindow
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 460KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
123.exe.exe windows:5 windows x86 arch:x86
dd8fd079a980cb9227eb869f7da9b258
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFileExistsW
PathFileExistsA
kernel32
Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW
user32
ExitWindowsEx
ShowWindow
advapi32
RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges
shell32
ShellExecuteW
ShellExecuteA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
139.exe.exe windows:5 windows x86 arch:x86
dd8fd079a980cb9227eb869f7da9b258
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFileExistsW
PathFileExistsA
kernel32
Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW
user32
ExitWindowsEx
ShowWindow
advapi32
RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges
shell32
ShellExecuteW
ShellExecuteA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
13E418BF18B03AC80580DB69ADA305A2B7093DFED00692DCF91A99D2526D3A73.exe.dll windows:5 windows x86 arch:x86
b09cd7cb9ae5a48bd10d5b61d744b752
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
user32.pdb
Imports
gdi32
GetClipRgn
ExtSelectClipRgn
GetHFONT
GetMapMode
SetGraphicsMode
GetClipBox
CreateRectRgn
CreateRectRgnIndirect
SetLayout
GetBoundsRect
ExcludeClipRect
PlayEnhMetaFile
GdiGetBitmapBitsSize
CreatePen
Ellipse
CreateEllipticRgn
GdiFixUpHandle
GetTextCharacterExtra
SetTextCharacterExtra
GetCurrentObject
GetViewportOrgEx
SetViewportOrgEx
PolyPatBlt
CreateBrushIndirect
SetBoundsRect
CopyEnhMetaFileW
CopyMetaFileW
GetPaletteEntries
CreatePalette
SetPaletteEntries
bInitSystemAndFontsDirectoriesW
bMakePathNameW
cGetTTFFromFOT
GetPixel
ExtTextOutA
GetTextCharsetInfo
QueryFontAssocStatus
GetCharWidthInfo
GetCharWidthA
GetTextFaceW
GetCharABCWidthsA
GetCharABCWidthsW
SetBrushOrgEx
CreateFontIndirectW
EnumFontsW
GetTextFaceAliasW
GetTextMetricsW
GetTextColor
GetBkMode
GetViewportExtEx
GetWindowExtEx
GdiGetCharDimensions
GdiGetCodePage
GetTextCharset
GdiPrinterThunk
GdiAddFontResourceW
TranslateCharsetInfo
SaveDC
OffsetWindowOrgEx
RestoreDC
ExtTextOutW
GetObjectType
GetDIBits
CreateDIBSection
SetStretchBltMode
SelectPalette
RealizePalette
SetDIBits
CreateDCW
CreateDIBitmap
CreateCompatibleBitmap
SetBitmapBits
DeleteDC
GdiValidateHandle
GdiDllInitialize
CreateSolidBrush
GetStockObject
CreateCompatibleDC
GdiConvertBitmapV5
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GetRgnBox
CombineRgn
OffsetRgn
MirrorRgn
EnableEUDC
GdiConvertToDevmodeW
GetTextExtentPointA
GetTextExtentPointW
CreateBitmap
SetLayoutWidth
PatBlt
TextOutA
TextOutW
BitBlt
GdiConvertAndCheckDC
StretchBlt
SetRectRgn
GdiReleaseDC
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
GetDIBColorTable
GetDeviceCaps
StretchDIBits
GetLayout
SetBkColor
SetTextColor
GetObjectW
GetBkColor
SetBkMode
SelectObject
IntersectClipRect
GetTextAlign
SetTextAlign
GdiProcessSetup
kernel32
LocalSize
SizeofResource
LoadResource
FindResourceExW
FindResourceExA
GetModuleHandleW
DisableThreadLibraryCalls
GetCurrentThreadId
IsDBCSLeadByteEx
SearchPathW
ExpandEnvironmentStringsW
LoadLibraryExW
GlobalAddAtomW
GetSystemDirectoryW
GetComputerNameW
GetCurrentProcess
GetCurrentThread
ExitThread
GetExitCodeThread
CreateThread
HeapReAlloc
GlobalHandle
FoldStringW
Sleep
GetStringTypeW
GetStringTypeA
GetCPInfo
HeapSize
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
ReadFile
SetFileTime
GetFileTime
GetSystemWindowsDirectoryW
CopyFileW
MoveFileW
DeleteFileW
CreateProcessW
AddAtomA
AddAtomW
GetAtomNameW
GetAtomNameA
IsValidLocale
ConvertDefaultLocale
CompareStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrlenW
GetLogicalDrives
FindClose
FindNextFileW
FindFirstFileW
GetThreadLocale
ProcessIdToSessionId
GetCurrentProcessId
InterlockedCompareExchange
IsDBCSLeadByte
LCMapStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
lstrlenA
GlobalFindAtomA
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
DelayLoadFailureHook
LoadLibraryA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalUnlock
LocalLock
LocalReAlloc
GetACP
GetOEMCP
InterlockedIncrement
InterlockedDecrement
SetLastError
GlobalFindAtomW
GlobalAlloc
MultiByteToWideChar
GlobalReAlloc
GetLastError
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
CreateFileW
WritePrivateProfileStringW
lstrcmpiW
SetEvent
WaitForMultipleObjectsEx
WideCharToMultiByte
GlobalFlags
GetLocaleInfoW
GlobalFree
GetModuleFileNameW
GlobalGetAtomNameW
GlobalGetAtomNameA
InterlockedExchange
DeleteAtom
LocalAlloc
GlobalDeleteAtom
LocalFree
GlobalSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
HeapAlloc
HeapFree
lstrcpyW
lstrcatW
GetPrivateProfileStringW
RegisterWaitForInputIdle
ntdll
NtQueryVirtualMemory
RtlUnwind
RtlNtStatusToDosError
NlsAnsiCodePage
RtlAllocateHeap
qsort
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlPcToFileHeader
wcsrchr
NtRaiseHardError
RtlIsNameLegalDOS8Dot3
strrchr
sscanf
NtQueryKey
NtEnumerateValueKey
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
CsrAllocateCaptureBuffer
CsrCaptureMessageBuffer
CsrFreeCaptureBuffer
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
CsrClientCallServer
memmove
NtCallbackReturn
RtlUnicodeToMultiByteSize
RtlActivateActivationContextUnsafeFast
RtlDeactivateActivationContextUnsafeFast
RtlInitializeCriticalSection
NtQuerySystemInformation
swprintf
RtlDeleteCriticalSection
RtlImageNtHeader
CsrClientConnectToServer
NtYieldExecution
NtCreateKey
NtSetValueKey
NtDeleteValueKey
RtlQueryInformationActiveActivationContext
RtlReleaseActivationContext
RtlFreeHeap
wcsncpy
wcscmp
wcstoul
wcscat
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtOpenDirectoryObject
_chkstk
wcscpy
wcsncat
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
wcslen
RtlFindActivationContextSectionString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlOpenCurrentUser
NtEnumerateKey
NtOpenKey
NtClose
NtQueryValueKey
RtlInitUnicodeString
RtlUnicodeStringToInteger
Exports
ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseWindow
CloseWindowStation
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDesktopA
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyReasons
DestroyWindow
DeviceEventWorker
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
EditWndProc
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGuiResources
GetIconInfo
GetInputDesktop
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetTitleBarInfo
GetTopWindow
GetUpdateRect
GetUpdateRgn
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowContextHelpId
GetWindowDC
GetWindowInfo
GetWindowLongA
GetWindowLongW
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GetWindowWord
GrayStringA
GrayStringW
HideCaret
HiliteMenuItem
IMPGetIMEA
IMPGetIMEW
IMPQueryIMEA
IMPQueryIMEW
IMPSetIMEA
IMPSetIMEW
ImpersonateDdeClientWindow
InSendMessage
InSendMessageEx
InflateRect
InitializeLpkHooks
InitializeWin32EntryTable
InsertMenuA
InsertMenuItemA
InsertMenuItemW
InsertMenuW
InternalGetWindowText
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsDialogMessageA
IsDialogMessageW
IsDlgButtonChecked
IsGUIThread
IsHungAppWindow
IsIconic
IsMenu
IsRectEmpty
IsServerSideWindow
IsWinEventHookInstalled
IsWindow
IsWindowEnabled
IsWindowInDestroy
IsWindowUnicode
IsWindowVisible
IsZoomed
KillSystemTimer
KillTimer
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadKeyboardLayoutA
LoadKeyboardLayoutEx
LoadKeyboardLayoutW
LoadLocalFonts
LoadMenuA
LoadMenuIndirectA
LoadMenuIndirectW
LoadMenuW
LoadRemoteFonts
LoadStringA
LoadStringW
LockSetForegroundWindow
LockWindowStation
LockWindowUpdate
LockWorkStation
LookupIconIdFromDirectory
LookupIconIdFromDirectoryEx
MBToWCSEx
MB_GetString
MapDialogRect
MapVirtualKeyA
MapVirtualKeyExA
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MenuItemFromPoint
MenuWindowProcA
MenuWindowProcW
MessageBeep
MessageBoxA
MessageBoxExA
MessageBoxExW
MessageBoxIndirectA
MessageBoxIndirectW
MessageBoxTimeoutA
MessageBoxTimeoutW
MessageBoxW
ModifyMenuA
ModifyMenuW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OemKeyScan
OemToCharA
OemToCharBuffA
OemToCharBuffW
OemToCharW
OffsetRect
OpenClipboard
Sections
.text Size: 381KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
144.exe.exe windows:5 windows x86 arch:x86
dd8fd079a980cb9227eb869f7da9b258
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFileExistsW
PathFileExistsA
kernel32
Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW
user32
ExitWindowsEx
ShowWindow
advapi32
RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges
shell32
ShellExecuteW
ShellExecuteA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
17697e1829f0d18d2051a67bc2bca134_da3ded254909e9abaa46eb5bc3b10944.exe.dll windows:4 windows x86 arch:x86
da3ded254909e9abaa46eb5bc3b10944
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
PDB Paths
Encode.pdb
Imports
kernel32
CreateTimerQueue
GetCurrentProcessId
GetNumberOfConsoleMouseButtons
GetSystemDefaultLCID
GetNumberFormatW
CloseHandle
ReadFile
CreateFileA
AddAtomA
CompareFileTime
CheckRemoteDebuggerPresent
GetVolumeInformationW
GetDateFormatA
GetSystemTime
lstrcmpiA
GetLogicalDriveStringsA
GetSystemDirectoryA
CancelWaitableTimer
DeactivateActCtx
TerminateProcess
DeleteFiber
AddAtomW
GetConsoleWindow
DebugBreak
VirtualProtect
GetTimeFormatW
GetCurrentProcess
UnlockFile
WriteFile
LockFile
SetFilePointer
CreateFileW
GetLogicalDrives
BackupSeek
RemoveDirectoryW
lstrcmpW
lstrcatA
GetLastError
ContinueDebugEvent
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
DelayLoadFailureHook
RaiseException
gdi32
GetStockObject
comdlg32
ChooseFontW
ChooseFontA
GetSaveFileNameW
GetOpenFileNameA
PageSetupDlgA
FindTextW
GetOpenFileNameW
ReplaceTextW
ntlanman
I_SystemFocusDialog
Exports
ConformProtocolA
InheritanceAmountVariousW
MightCopy
ObtainSchemaA
ProcessDefaultA
SmartStructureLanguageA
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
19561b33793dcb865eae56575a899ce8_kovter_from_Sakura82_taskmanger.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 116KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
19ec0d0e5143940492a1c79c06eb8f18aa9feb356e41b8b79fdc6a16a3bcd7bf_Dumped_TDS=4F9911B3.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.mackt Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
19ec0d0e5143940492a1c79c06eb8f18aa9feb356e41b8b79fdc6a16a3bcd7bf_TDS=4F9B33C5.exe.exe windows:4 windows x86 arch:x86
fcae38cb0b0381e590e953306c0423a0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
GetPriorityClass
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA
setupapi
SetupGetLineCountA
msvcrt
_adjust_fdiv
memcpy
_exit
_XcptFilter
exit
_onexit
__getmainargs
_initterm
__setusermatherr
_acmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
Sections
.text Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 785B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
1a6bed2afff1b9880e42a29cea9b8139bcb12e34085fb008de13aa983b82a4f2.exe.exe windows:4 windows x86 arch:x86
9a3d6959e6823cfab73700f601ca3412
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mmioWrite
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutWrite
waveInUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
mmioDescend
mmioClose
mmioRead
waveInStop
waveInReset
waveInClose
waveOutUnprepareHeader
waveInOpen
mmioAscend
mfc42
msvcrt
_except_handler3
_controlfp
_onexit
__dllonexit
_setmbcp
__set_app_type
__CxxFrameHandler
memset
strcpy
sprintf
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
kernel32
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetModuleFileNameA
ResetEvent
Sleep
GetCurrentThreadId
WaitForMultipleObjects
GetLastError
SetEvent
user32
LoadIconA
PostThreadMessageA
PostQuitMessage
EnableWindow
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
1f210c60f90fd8403099482455f3220b56b2864bc4d2b6af0abda4a2c3854d40.exe.exe windows:5 windows x86 arch:x86
f9fd9fd22788b7616e4ebf40a1b7a50c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Y:\SpIIzQyTUrNmlt\awhlngjfneWu\FwCckdYml\fuvhBzN\YwghkOow.pdb
Imports
user32
SetWindowLongW
GetLastActivePopup
RemoveMenu
OemToCharA
wsprintfW
SetWindowRgn
RegisterHotKey
DrawMenuBar
MoveWindow
IsCharUpperA
SetSysColors
IsIconic
CreateAcceleratorTableW
BeginDeferWindowPos
ShowScrollBar
CreateDialogParamW
wsprintfA
ReleaseDC
DefFrameProcW
SetDlgItemInt
AllowSetForegroundWindow
VkKeyScanW
MessageBoxA
InSendMessageEx
InsertMenuItemW
ChildWindowFromPointEx
CreateIconIndirect
GetClassInfoExW
wvsprintfA
DrawFrameControl
GetKeyboardLayoutNameW
DeferWindowPos
GetDC
GetDlgItemInt
EnableWindow
DestroyCaret
MapVirtualKeyExW
InflateRect
SetDlgItemTextW
SendInput
ShowWindowAsync
CharToOemA
DestroyCursor
GetIconInfo
DefFrameProcA
IsCharAlphaNumericW
RegisterWindowMessageA
InSendMessage
CharToOemW
GetDlgItemTextW
OpenInputDesktop
CharNextW
LoadIconA
SendMessageTimeoutA
DestroyIcon
CopyAcceleratorTableW
GetKeyNameTextW
SetWindowTextA
PostThreadMessageA
MessageBoxW
FindWindowExW
GetDlgItemTextA
GetMenuCheckMarkDimensions
GetWindow
FindWindowW
MapVirtualKeyW
EnumChildWindows
GetShellWindow
CopyImage
UnloadKeyboardLayout
LoadBitmapW
GetMonitorInfoW
SendMessageW
MessageBoxExA
CharUpperW
AdjustWindowRect
CascadeWindows
ShowWindow
PostMessageA
LoadMenuA
TrackPopupMenu
ScreenToClient
CloseDesktop
GetScrollRange
ShowCaret
InvertRect
DefWindowProcA
DrawTextA
DestroyMenu
GetDCEx
DrawFocusRect
CharNextExA
GetSysColor
PostThreadMessageW
GetWindowLongW
GetCursorPos
EnumThreadWindows
SetWindowLongA
CharUpperBuffW
IsMenu
ScrollWindowEx
InvalidateRect
DispatchMessageW
SendMessageTimeoutW
GetMenuItemID
GetMenuStringA
IsDialogMessageW
ModifyMenuW
EnumWindows
CheckMenuRadioItem
GetNextDlgGroupItem
ExitWindowsEx
CheckRadioButton
OffsetRect
SetWindowPlacement
GetWindowDC
CreateDialogIndirectParamW
CreatePopupMenu
LoadCursorA
ShowCursor
kernel32
GlobalFlags
GetLocaleInfoW
CreateRemoteThread
SuspendThread
MoveFileA
GetVersionExW
GlobalCompact
GetSystemWindowsDirectoryA
OpenEventW
HeapWalk
DeviceIoControl
GlobalFindAtomW
CreateFileMappingW
GetCurrentDirectoryW
GetStringTypeExW
GlobalAddAtomA
GlobalAddAtomW
IsValidLanguageGroup
SetErrorMode
SetFileTime
GetTempPathA
CreateSemaphoreA
lstrcatW
lstrcpyA
LoadLibraryExA
FormatMessageW
GetModuleHandleW
HeapAlloc
AreFileApisANSI
GetUserDefaultLangID
CreateEventW
LeaveCriticalSection
VerSetConditionMask
OpenSemaphoreW
MulDiv
CreateSemaphoreW
GlobalReAlloc
VirtualAlloc
CompareFileTime
CreateNamedPipeA
RaiseException
LocalLock
SetCurrentDirectoryA
GetModuleFileNameA
RemoveDirectoryA
IsValidLocale
GetStartupInfoA
IsBadReadPtr
SetTimerQueueTimer
FormatMessageA
GlobalMemoryStatus
ClearCommBreak
GetCommTimeouts
GetLongPathNameW
HeapCreate
msvcrt
wcstoul
_controlfp
iswxdigit
iswdigit
calloc
strtol
wcscmp
isupper
fprintf
wcscat
system
wcstod
fseek
__set_app_type
malloc
perror
wcsstr
mbtowc
strncpy
rand
__p__fmode
__p__commode
sprintf
isalpha
atoi
swscanf
strspn
strerror
_amsg_exit
wcslen
clearerr
islower
_initterm
_ismbblead
vswprintf
_XcptFilter
srand
_exit
fwrite
_cexit
__setusermatherr
memset
free
towlower
floor
time
__getmainargs
fputs
fputc
shlwapi
PathIsUNCA
Exports
?ForwardControlItem@@YGK_KK:O
Sections
.itext Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.ips1 Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ips2 Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.read Size: 1024B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ips3 Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ips4 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
1f3509cc11ffa1f7d839df93615cf1ba0819d75cafd5ef59110d9b01fb90addd.exe.exe windows:5 windows x86 arch:x86
34279077e0b0a8977f68ef1f74dc277c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
shell32
ShellExecuteA
ws2_32
setsockopt
wldap32
ord32
ole32
CoInitializeEx
oleaut32
VariantInit
user32
MessageBoxA
advapi32
ReportEventA
Sections
.MPRESS1 Size: 2.4MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
20c6d29da875075afa0ed7b4fb58e555de89d4bed13bf5ad109817c593ddd77d.exe.exe windows:5 windows x86 arch:x86
00be6e6c4f9e287672c8301b72bdabf3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Imports
kernel32
GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
234e77145d329956192c389249e20520851853e2a33779be93530788201b612d.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 472KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 264KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 514KB - Virtual size: 513KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
263fc6fc9efa4c05a08d9ff1fc7bb060a7b8f376f82afa17fd3fc267bc8e8032.exe.exe windows:5 windows x86 arch:x86
a9ef346dc1735b2ea2c5680eb21a0e8e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ShowWindow
SetMenuItemInfoA
AppendMenuA
CreatePopupMenu
SetWindowTextA
DestroyIcon
LoadIconA
InvalidateRect
CharLowerA
LoadBitmapA
SetDlgItemTextA
GetDlgItemTextA
GetSysColorBrush
DestroyCursor
SetClassLongA
LoadCursorA
GetParent
EnableWindow
GetWindowTextA
EnableMenuItem
IsIconic
MoveWindow
GetWindowDC
TrackPopupMenu
CheckMenuRadioItem
SetTimer
GetActiveWindow
GetClassInfoA
DialogBoxParamA
FindWindowA
SetForegroundWindow
CheckDlgButton
GetDlgItem
EndDialog
IsDlgButtonChecked
SendDlgItemMessageA
wvsprintfA
GetAsyncKeyState
SetClipboardData
GetWindowRect
SetWindowPos
SetWindowLongA
KillTimer
IsZoomed
DestroyMenu
IsWindowEnabled
CheckRadioButton
SetFocus
GetCursorPos
ScreenToClient
SendMessageA
GetClipboardData
CloseClipboard
CallWindowProcA
MessageBeep
wsprintfA
MessageBoxA
CharUpperA
OpenClipboard
EnumClipboardFormats
EmptyClipboard
kernel32
FindClose
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapQueryInformation
HeapFree
HeapSize
HeapAlloc
GetDateFormatA
GetTimeFormatA
EnumCalendarInfoExW
EnumCalendarInfoW
SearchPathW
IsSystemResumeAutomatic
GetProfileSectionW
GetCalendarInfoA
GlobalSize
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
Sleep
GetCommandLineA
VirtualAlloc
FindFirstFileA
GetPriorityClass
ReadFile
WriteProcessMemory
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetFileSize
SetCurrentDirectoryA
VirtualLock
VirtualUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
SetEndOfFile
CreateFileMappingA
MapViewOfFile
CopyFileA
CreatePipe
GetStartupInfoA
MulDiv
UnmapViewOfFile
GetCurrentDirectoryA
WritePrivateProfileStructA
GetPrivateProfileStructA
lstrcmpA
VirtualQueryEx
SetPriorityClass
GetTempPathA
ResumeThread
GetFileAttributesA
lstrcpyA
OutputDebugStringA
SetFileAttributesA
ExitProcess
lstrcmpiA
IsBadReadPtr
VirtualFree
SetThreadPriority
SetFilePointer
FindNextFileA
WriteFile
VirtualProtectEx
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
WideCharToMultiByte
CreateProcessA
lstrlenA
lstrcatA
lstrcpynA
GetLastError
FreeLibrary
LoadLibraryW
DeleteFileA
CloseHandle
TerminateProcess
GetCurrentProcess
CreateMutexA
GetVersion
LocalFree
LocalAlloc
CompareStringW
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
GetCurrentThread
GetTickCount
EncodePointer
DecodePointer
GetCommandLineW
ReleaseMutex
GetModuleFileNameA
SetProcessAffinityMask
LoadLibraryA
GetWindowsDirectoryA
GetModuleHandleW
GetProcAddress
GetLocalTime
GetCurrentProcessId
CreateFileA
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
2e0da054d03fde4e7b2c2057cc4aa410c64b6ab8777ee6d4fd43f031a5170a23.exe.zip
-
Compenso.Pdf______________________________________________________________.exe.exe windows:5 windows x86 arch:x86
380e5390f65e340268c2e7706d44415e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
GetTickCount
GetModuleFileNameW
IsDebuggerPresent
GetCPInfo
VirtualQuery
CreateFileA
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteConsoleA
RaiseException
user32
GetWindowRect
IsZoomed
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
GetCursor
advapi32
GetUserNameA
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.exe.exe windows:5 windows x86 arch:x86
0b423ac63181d233abdd715094b34a8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
LoadLibraryW
HeapCreate
GetLastError
LoadLibraryA
LocalAlloc
GetModuleHandleA
CloseHandle
RaiseException
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InterlockedDecrement
GetCPInfo
GetModuleFileNameW
HeapValidate
IsBadReadPtr
InterlockedIncrement
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetProcAddress
GetModuleHandleW
SetLastError
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetStringTypeW
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
RtlUnwind
SetFilePointer
CreateFileW
user32
CreateWindowExA
LoadCursorA
SetScrollInfo
GetScrollPos
RegisterClassA
GetForegroundWindow
Sections
.text Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
30620.ex_.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.code Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ